Conficker is quiet for now    April 1, 2009

Posted by Samuel Ribeiro in Vírus.

The situation is serious, but you have to take your hat off to the minds that created Conficker.
Information about Conficker

Although the infected machines have already begun communicating with the servers, nothing unusual has been observed so far. However, experts believe the creators of the malware may be waiting for the right moment, probably once the uproar caused by the worm has died down, to actually launch an attack. Full story

Below is a complete table of what each version of the virus does.
There have been several variants of Conficker reported from the wild. The following table summarizes and distinguishes the critical features of each variant:

Variant: Worm:Win32/Conficker.A
Discovered: 21 Nov 2008
Payload trigger date: 25 Nov 2008 and later
Spreads via:
- Exploiting the vulnerability outlined in Security Bulletin MS08-067.
Payload:
- Generates 250 URLs daily that it checks for updates.
- Resets the System Restore point.
Additional information: The name of this family was derived by selecting fragments from 'trafficconverter.biz', a string found in this variant.

Variant: Worm:Win32/Conficker.B
Discovered: 29 Dec 2008
Payload trigger date: 1 Jan 2009 and later
Spreads via (in addition to the method used by the .A variant above):
- Network shares with weak passwords.
- Mapped and removable drives.
- A scheduled task that executes copies of the worm on targeted machines.
Payload (in addition to the .A variant's payload above, although .B uses a different method to generate URLs):
- Blocks access to many security-related websites.
- Modifies system settings.
- Terminates system and security services.
Additional information: This variant built on the functionality of the .A variant by adding new spreading mechanisms and by making itself more difficult to remove. Because .B also spreads over weakly protected shares and removable drives, installing the MS08-067 update alone does not stop it from reaching a machine.

Variant: Worm:Win32/Conficker.C
Discovered: 20 Feb 2009
Payload trigger date: 1 Jan 2009 and later
Spreads via: the same methods listed above for the .B variant.
Payload (in addition to the payloads listed above for .A and .B):
- Uses an additional method for downloading files that relies on peer-to-peer communication.
- Adds checks to verify the authenticity and validity of content targeted for download.
Additional information: Very similar to the .B variant in function (this variant has even been referred to as variant .B++).

Variant: Worm:Win32/Conficker.D
Discovered: 4 Mar 2009
Payload trigger date: 1 Apr 2009 and later
Spreads via: no spreading functionality per se. Distributed as an update to machines previously infected with the .B and .C variants.
Payload (in addition to the payloads listed above for .A and .B, with some variations):
- Generates 50,000 URLs to download files from. This variant only visits 500 of the generated URLs within a 24-hour period.
- Expands on efforts to hinder its removal from an affected machine.
Additional information: Spreading functionality was removed from this variant. It continues to expand on its file-downloading payload and targets a broader range of processes to terminate (it appears to be targeting cleaning utilities designed specifically to remove Conficker). It also blocks access to additional security-related websites.
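Every variant above polls a daily list of generated domains for updates (250 a day for .A, 500 out of 50,000 for .D), and most of those names never resolve, so a single infected host stands out in DNS logs as a client that looks up many distinct random-looking domains and gets NXDOMAIN for nearly all of them. The following is an added example, not code from the original post and not Conficker's actual domain-generation algorithm; the log format, the sample lines, the naive two-label domain collapsing and the thresholds (10 distinct domains, 80% NXDOMAIN, mean label entropy 3.0) are assumptions chosen for the constructed sample and should be tuned against real resolver data.

```python
"""Heuristic detection of Conficker-style update-URL polling in DNS logs.

Added example; not from the original post and not Conficker's real DGA.
It flags clients that query many distinct, high-entropy domains with a
high NXDOMAIN ratio, the pattern left by a host walking a generated list.
"""
import math
from collections import defaultdict

# Constructed sample log, one query per line: "<timestamp> <client_ip> <qname> <rcode>".
# 10.0.0.5 is a normal workstation; 10.0.0.9 behaves like an infected host
# (made-up names, one of which happens to resolve). Not real traffic.
SAMPLE_LOG = """\
2009-04-01T08:00:01 10.0.0.5 www.example.com NOERROR
2009-04-01T08:00:02 10.0.0.5 mail.example.com NOERROR
2009-04-01T08:00:03 10.0.0.5 cdn.example.net NOERROR
2009-04-01T08:00:04 10.0.0.5 www.example.org NXDOMAIN
2009-04-01T08:01:00 10.0.0.9 www.example.com NOERROR
2009-04-01T08:01:01 10.0.0.9 qkzvbpfjeh.com NXDOMAIN
2009-04-01T08:01:02 10.0.0.9 tlwnmxoprk.net NXDOMAIN
2009-04-01T08:01:03 10.0.0.9 ygbdsqvuzi.org NXDOMAIN
2009-04-01T08:01:04 10.0.0.9 hcmrxtwoqn.biz NXDOMAIN
2009-04-01T08:01:05 10.0.0.9 pzkjylvbds.info NXDOMAIN
2009-04-01T08:01:06 10.0.0.9 nwqxhgfzct.com NXDOMAIN
2009-04-01T08:01:07 10.0.0.9 dvrlomkisa.net NXDOMAIN
2009-04-01T08:01:08 10.0.0.9 bfutqzeygp.org NXDOMAIN
2009-04-01T08:01:09 10.0.0.9 xsnjwacrvk.biz NXDOMAIN
2009-04-01T08:01:10 10.0.0.9 meolhtzuqb.info NXDOMAIN
2009-04-01T08:01:11 10.0.0.9 ckpaygdnxw.com NXDOMAIN
2009-04-01T08:01:12 10.0.0.9 rvzftibmsl.net NXDOMAIN
2009-04-01T08:01:13 10.0.0.9 wqhoxjuecn.org NOERROR
"""


def parse_line(line):
    """Split one log line (assumed format above) into (timestamp, client, qname, rcode)."""
    ts, client, qname, rcode = line.split()
    return ts, client, qname.lower().rstrip("."), rcode


def registered_domain(qname):
    """Collapse a query name to its last two labels. Naive on purpose: a real
    deployment should use a public-suffix list so names under co.uk etc. work."""
    labels = qname.split(".")
    return ".".join(labels[-2:])


def shannon_entropy(text):
    """Bits per character of a string; random-looking labels score higher."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def profile_clients(log_text):
    """Per client: distinct registered domains, NXDOMAIN count, query count,
    NXDOMAIN ratio and the mean entropy of each distinct domain's left label."""
    stats = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, client, qname, rcode = parse_line(line)
        s = stats.setdefault(client, {"domains": set(), "nxdomain": 0, "queries": 0})
        s["domains"].add(registered_domain(qname))
        s["queries"] += 1
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
    for s in stats.values():
        labels = [d.split(".")[0] for d in s["domains"]]
        s["mean_entropy"] = sum(shannon_entropy(lbl) for lbl in labels) / len(labels)
        s["nx_ratio"] = s["nxdomain"] / s["queries"]
    return stats


def flag_suspects(log_text, min_distinct=10, min_nx_ratio=0.8, min_entropy=3.0):
    """Return the clients whose lookup pattern matches walking a generated list.
    Thresholds are assumptions sized for the sample; tune them on real data."""
    return {
        client: s
        for client, s in profile_clients(log_text).items()
        if len(s["domains"]) >= min_distinct
        and s["nx_ratio"] >= min_nx_ratio
        and s["mean_entropy"] >= min_entropy
    }


if __name__ == "__main__":
    for client, s in flag_suspects(SAMPLE_LOG).items():
        print(f"{client}: {len(s['domains'])} distinct domains, "
              f"NXDOMAIN ratio {s['nx_ratio']:.2f}, "
              f"mean label entropy {s['mean_entropy']:.2f}")
```

On the sample, only 10.0.0.9 is flagged: 14 distinct domains, 12 of 14 answers NXDOMAIN, mean label entropy above 3 bits. The entropy check is what keeps a legitimate host that simply visits many real sites from tripping the rule; the NXDOMAIN ratio is what separates a generated list (where the operators register only a handful of the names) from ordinary browsing.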
