Not every Botnet is Conficker

If it was the intention of the Conficker gang to create a huge splash, they succeeded. (In fact, it’s quite possible that they’ve attracted more attention than they really wanted.) In any case, it seems that lots of people are looking nervously over their shoulders for any indication that something unpleasant and Conficker-related is about

After the Hype is Gone

We all have recently endured a week or so of extensive media hype about a worm called “Conficker”. Phrases such as “One of the worst viruses ever” and other such nonsense were tossed around like promises at a political rally, with about the same level of honesty and accuracy, perhaps even less. Conficker was already

How Embarrassing

I wondered why a newsletter from “Windows Secrets” got flagged as spam. It is because they have reduced themselves to as much. Near the top of the newsletter it proclaimed: Remove the Conficker worm: register now Conficker is one of the worst viruses in history and has infected over 15 million PCs. We are offering

Conficker: After the Flood, the Backlash

Good morning. Is there anyone still out there and connected? Thought so. While one or two people who comment here seem to think I’m personally responsible for developing, maintaining, and marketing ESET products (and in at least one case writing the malware as well) I’m afraid I didn’t spend April 1st crouched over a rack

For the Hypochondriacs…

I’ve tried to convince you all that you really need to watch out for all of the threats and that it really isn’t worth worrying about Conficker, but if you are still worried about Conficker we do have a knowledge base article you can peruse at If you apply your security patches, disable autorun,

Who is the April Fool?

I kept telling everyone to worry about being secure, not about Conficker. Some people listen, some don’t. So what happened over about the past 24 hours? According to ESET’s ThreatSense.Net, by about 2 PM GMT on April 1st, of the top 20 threats encountered by our users in the past 24 hours, four out of

Conficker: the rest is probably not silence

So, nothing happened? Well, yes. Our labs, who’ve been monitoring carefully, note that Conficker changed communication protocols, just as the code said it would. No doubt in the fullness of time, the botnet will start doing what botnets do: it would be bizarre to put this much effort into a project and then not try

April (1st) in Paris (London, Tokyo…)

…as I write, it’s past midnight here in the UK. In some parts of the world it’s already been April 1st for nearly 14 hours. I have yet to hear any reports of melted PCs, disappearing internets, or institutions DDoS-ed into insolvency by Conficker. I’ve just received email from a colleague in Sydney, where it’s business as

Conficker Launches Cyber Attack Against Big Ben

In an apparent effort to cause British commuters to miss their trains, Chinese hackers have ordered the Conficker.C botnet to randomly change the time on the venerable and vulnerable Big Ben. This has caused millions of Londoners to be late for work this morning. Hey, this is no more ridiculous than trying to protect against

Watch out for the Honda Accords

Why watch out for the Honda Accords?  Well, automobile accidents are one of the leading causes of injury and death and Accords are very common cars. This sounds pretty silly, doesn’t it? I mean, wouldn’t it make sense to drive like any car is a potential threat and drive as best as you can to

Catching Conficker – a New Development

I can already hear a chorus of "Not ANOTHER Conficker blog?", but some of you will want to know about this development. The Honeynet Project has announced a new scanning tool for detecting Conficker, which gives network and system administrators a very handy extra tool for detecting Conficker activity on their networks. Furthermore, the tool

Conficker Removal (Update)

[Update: it seems that people who missed the whole MS-DOS/having fun with the C> prompt and batchfiles thing are still struggling with the fact that vendors are releasing cleaning tools that are really command-line tools, so some step-by-step notes are added below.] I’m sure you’re almost as bored with this issue as I am with the

Conficker: Before the Flood (April Showers)

I don’t, of course, know for sure what’s going to happen on April 1st, when Conficker is timed, potentially, to go to its next stage of evolution. We do know, from inspecting code in the variants and subvariants that have come our way, that infected machines will be looking for instructions and updates on that date. At the very least,

Foil Conficker Get Rid of AutoRun

OK, this doesn’t actually foil Conficker, but it does block one of the attack vectors and prevents many other threats from automatically infecting your computer too, It is the longest standing un-patched Microsoft vulnerability and Microsoft calls it a “feature”. The idea of autorun is to attempt to make it so that a person can

Don’t Be An April Fool!

The highly publicized Conficker worm has a new version that is assumed to trigger on April 1st. There are a few steps you should take right now. First, back up any important data. This is just plain sound advice, regardless of viruses, worms, etc. A hard drive crash can destroy data. Make sure that the

Conficker Resurgent

It appears there are interesting developments in the Conficker/Downadup development front. Peter Coogan of Symantec describes here a variant that doesn’t appear to be interested in infecting new machines, rather more so in updating and protecting itself on systems already infected with previous variants. (And, yes, ESET’s ThreatSense technology does already detect it heuristically!) It seems to have

Threat Trends In January

Here at ESET we have just released our Global ThreatTrends report for January 2009. Not surprisingly, at the top of the list is a family of programs that exploit Microsoft’s longest unpatched vulnerability. That’s right, Autorun.inf, is an evil “feature” that should have been patched out of existence a long time ago. Since it is

Conficker Statistics

I just did some work on a report that quotes some of the various statistics – or do I mean guesstimates? – regarding how many machines were likely to have been infected by Conficker. That report has already gone out, but it’s been pointed out to me that the wording makes it sound like we’re

Conficker Clarified

I just happened upon a blog that made an interesting point about the information that’s been made about Conficker. Essentially, the writer was fulsome in her praise of an article by Gary Hinson here, which gave some simple advice on dealing with Conficker/Downadup. As it happens, I’m familiar with the name Gary Hinson: he also contributes

Confounding Conficker

[Update: Spiegl Online reports (in German!) that the total may be as high as 50 million infected machines: however, this figure seems to be extrapolated from the number of infections picked up Panda's online scanner. Statistically, I'm not sure it makes any sense at all to try to correlate this self-selecting sample to the total population of

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

1 article related to:
Hot Topic
07 Apr 2009
ESET Virus Radar


Select month
Copyright © 2014 ESET, All Rights Reserved.