
Alert: Conficker.C Comes Out of Dormancy Likely to Cause Destruction

Posted: April 9, 2009

Conficker.C has awakened and is raising concern that it is more dangerous and powerful than ever. The Conficker worm has come back to life and has started updating itself over peer-to-peer connections between infected computers, dropping unknown files or programs. The dropped software appears to be a .sys component hidden behind a rootkit. As you may already know, a rootkit can be software developed to hide the fact that a system has been compromised.

Because Conficker is encrypted to the point where security analysts are not able to work out all of the details needed to pinpoint its next moves, it is difficult to be 100% sure of what Conficker is currently doing as it contacts DNS names.

What we do know is that during this stage of reactivating, or awakening, Conficker has attempted to connect to popular sites such as AOL.com, eBay.com, MSN.com, CNN.com and MySpace.com to test whether the infected computer has internet access.

Trend Micro's blog states that Conficker will perform the following functions:

  1. On May 3, 2009, it will stop running.
  2. Runs under a random file name and a random service name.
  3. Deletes this dropped component afterwards.
  4. Propagates via MS08-067 to external IPs if Internet access is available; if there is no connection, it uses local IPs.
  5. Opens port 5114 and serves as an HTTP server, broadcasting via SSDP request.
  6. Connects to the following sites:
    aol.com
    cnn.com
    ebay.com
    msn.com
    Myspace.com
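
The behaviours in items 5 and 6 can be turned into a simple network triage check. The following is an added example, not code from Trend Micro or from this post: the log format, the sample lines, the 60-second window and the function names are all constructed assumptions, and only the five domains and port 5114 come from the list above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Sites and port as listed in the post; WINDOW is an assumed clustering threshold.
CHECK_DOMAINS = {"aol.com", "cnn.com", "ebay.com", "msn.com", "myspace.com"}
HTTP_PORT = 5114
WINDOW = timedelta(seconds=60)
# Constructed sample log, hypothetical format: "<ISO time> <host> <event> <detail>"
SAMPLE_LOG = """\
2009-04-09T10:00:01 10.0.0.5 dns aol.com
2009-04-09T10:00:02 10.0.0.5 dns www.cnn.com
2009-04-09T10:00:03 10.0.0.5 dns ebay.com
2009-04-09T10:00:04 10.0.0.5 dns msn.com
2009-04-09T10:00:05 10.0.0.5 dns MySpace.com
2009-04-09T10:00:09 10.0.0.5 listen tcp/5114
2009-04-09T10:01:00 10.0.0.7 dns cnn.com
2009-04-09T10:30:00 10.0.0.7 dns ebay.com
2009-04-09T10:05:00 10.0.0.9 listen tcp/5114
"""

def base_domain(name):
    """Reduce www.cnn.com to cnn.com (naive two-label match, enough for this list)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def burst(times_by_domain):
    """True if all five check domains were queried inside a single WINDOW."""
    if set(times_by_domain) != CHECK_DOMAINS:
        return False
    starts = sorted(t for ts in times_by_domain.values() for t in ts)
    return any(all(any(s <= t <= s + WINDOW for t in ts)
                   for ts in times_by_domain.values()) for s in starts)

def triage(log_text):
    """Return {host: sorted indicators} for hosts matching the listed behaviour."""
    lookups = defaultdict(lambda: defaultdict(list))
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        when, host, event, detail = parts
        if event == "dns" and base_domain(detail) in CHECK_DOMAINS:
            lookups[host][base_domain(detail)].append(datetime.fromisoformat(when))
        elif event == "listen" and detail == f"tcp/{HTTP_PORT}":
            hits[host].add("listens-on-5114")
    for host, per_domain in lookups.items():
        if burst(per_domain):
            hits[host].add("connectivity-check-burst")
    return {h: sorted(i) for h, i in hits.items()}
```

A host showing both indicators deserves a closer look than one showing a single indicator, since ordinary browsing can touch any of these sites and other software may use port 5114.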

We know a lot more about Conficker.C than we did before April 1st, but it still remains a mystery when it comes to predicting the damage that it will cause. However, you can check whether your system is infected with Conficker or one of its variants, including Conficker.C, by simply attempting to navigate to security websites or Microsoft.com. If you cannot view security websites or Microsoft.com, then you may have the Conficker worm on your computer.

Do you think Conficker.C will be one of the worst computer infections this year? Are you taking precautionary measures to protect your system from the Conficker worm by applying the MS08-067 update from Microsoft.com?

2 Comments

  • www.eradicatespyware.net/blog says:

    It seems the Conficker worm family is itself a nightmare for many.
    First it was likely to hit on April Fools' Day, but could not.
    After that Conficker was again ready to target with a masked form.

    Thanks for the nice technical update on Conficker.

  • galaxy ace says:

    Now I will know. Thank you for the information.