Tech & Biz

Conficker C Worm: It's Not Over Yet (Testing and Removal Tool)

by jordan | April 9, 2009 at 08:01 pm

1609 views | 14 Recommendations | 1 comment

The Conficker C Worm (aka April Fools Worm) didn't do much of anything on April Fool's Day, but infected machines around the world are beginning to show some worm-instigated activity.

Update:

Update: Conficker C is also installing scareware, a fake anti-virus alert that implores you to install an antivirus software (for fifty bucks, no less!), which will, of course, further compromise your already-reeling PC. Don't buy it, literally and figuratively.

Previously: The worm is communicating with a well-known malware server to download new (presumably malicious) components, including a May 3 uninstall script, for hit-it-and-quit-it functionality. You are not powerless, though: here's a testing tool and a link to the removal tool.

But to what fell purpose? Nobody's 100% sure. However, even if Conficker C is just going to download a bunch of cute puppy pictures, it's still doing so against your will, which is a bad thing.

This new variant sheds some interesting light on the origins of the worm, according to the researchers, and its potential link to the Waledac malware family which is responsible for one of the most active spam botnets around

More dirty details from TrendMicro. That it tries to connect to sites like Myspace and ebay sets off my SpamAlarm.

A week after failing to do anything but snore, the much hyped Conficker worm was roused from its slumber on Wednesday, with infected computers transmitting updates via peer-to-peer and dropping a mystery payload onto PCs. Researchers suspect that the payload program may be a keystroke logger, a spam generator, or both.

Conficker now also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com, and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down some functionality on May 3.