
About Downadup worm, also known as Conficker or Kido

  • 19-01-2009 1:51am
    #1
    Closed Accounts Posts: 5,377 ✭✭✭


    Well, just to let you all know: if you haven't updated using Windows Update, you had better do it now, as this Downadup worm, also known as Conficker or Kido, is a real problem to remove, plus it's a complicated one as well. Now I have heard that it can defeat the Windows Update definition package that Microsoft gave out a few weeks back. This worm could become a rival to already established botnets like Storm or Srizbi. In late December, BitDefender Labs uncovered a new version of the worm called Win32.Worm.Downadup.B. The malware features some enhancements along with the distribution routine.
    Specifically, the worm uses USB thumb drives to infect other computers. It does this by copying itself in a random folder created inside the recycler directory. The Recycle Bin uses the recycler directory to store deleted files and create an autorun.inf file in the root folder. When the Autorun feature is enabled, the worm executes automatically.
    Certain TCP functions also block access to security-related Web sites by filtering every address that contains certain strings. According to BitDefender, this makes it harder to remove since information about it is virtually impossible to gather from an infected computer. What's more, this worm removes all access rights of the user, except execute and directory usage, to protect its files. So make sure you are not paying for fake antivirus software -- which is what Downadup/Conficker does. It uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com. With this algorithm, the worm generates many possible domain names every day.
    Hundreds of names such as: qimkwaify .ws, mphtfrxs .net, gxjofpj .ws, imctaef .cc, and hcweu .org.
    This makes it impossible and/or impractical for us good guys to shut them all down — most of them are never registered in the first place.
    However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website — and they then gain access to all of the infected machines. Pretty clever.

    On the other hand, anybody can register one of the unused domains and gain access to all of the infected machines. Pretty dumb. However, everyone will sit by and watch the infections happen, because we can't interfere: unauthorised use of a PC may even be illegal. It's like watching a small child wandering onto a motorway…. Windows Vista users, I'm sure, won't be affected. Yet, anyway. Well, at this moment they say Vista users are affected as well, so disregard.
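
The post's remark that most of the generated names are never registered gives defenders a signal: an infected machine produces a burst of failed lookups for random-looking names. The following is an added example, not part of the original post, that flags such clients in a resolver log. The log format, the threshold and the lexical heuristic are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample resolver log: "<date> <client> <qname> <rcode>".
# The random-looking names are the ones quoted in the post; the rest is made up.
SAMPLE_LOG = """\
2009-01-19 10.0.0.5 qimkwaify.ws NXDOMAIN
2009-01-19 10.0.0.5 mphtfrxs.net NXDOMAIN
2009-01-19 10.0.0.5 gxjofpj.ws NXDOMAIN
2009-01-19 10.0.0.5 imctaef.cc NXDOMAIN
2009-01-19 10.0.0.5 hcweu.org NXDOMAIN
2009-01-19 10.0.0.5 google.com NOERROR
2009-01-19 10.0.0.9 google.com NOERROR
2009-01-19 10.0.0.9 boards.ie NOERROR
2009-01-19 10.0.0.9 gogle.com NXDOMAIN
"""

CONSONANT_RUN = re.compile(r"[^aeiou]{3,}")

def looks_generated(qname):
    """Coarse lexical test (an assumption, not the worm's real algorithm):
    a letters-only label of 5-11 chars with 3 or more consonants in a row."""
    label = qname.lower().rstrip(".").split(".")[0]
    return label.isalpha() and 5 <= len(label) <= 11 and bool(CONSONANT_RUN.search(label))

def suspicious_clients(log_text, min_failed=3):
    """Return {(date, client): sorted names} for clients with min_failed or
    more distinct random-looking names that answered NXDOMAIN on one day."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        date, client, qname, rcode = parts
        # Unregistered generated names fail to resolve, so count only NXDOMAIN.
        if rcode == "NXDOMAIN" and looks_generated(qname):
            failed[(date, client)].add(qname.lower())
    return {k: sorted(v) for k, v in failed.items() if len(v) >= min_failed}

if __name__ == "__main__":
    for (date, client), names in suspicious_clients(SAMPLE_LOG).items():
        print(date, client, "failed lookups:", ", ".join(names))
```

The lexical test alone misfires on ordinary words with consonant clusters, which is why it is combined with the per-client count of distinct failed lookups.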

