Conficker, week late, activated now

Conficker.C woke up recently. It can now also be referred to as Conficker.D / Conficker/D, Downadup.E, Downadup/D. It downloaded an update that most likely contains a key logger and other good stuff.

This Trend Micro article states:

Days after the April 1st activation date of Conficker, nothing interesting was seen so far in our Downad/Conficker monitoring system except the continuous checking of dates and times via Internet sites, checking of updates via HTTP, and the increasing P2P communications from the Conficker peer nodes.

Well that was until last night when we saw a new file (119,296 bytes) in the Windows Temp folder. Checking on the file properties reveals that the file was created exactly on April 7, 2009 at 07:41:21.

There may be some web traffic to a certain site, http://goodnewsdigital(dot)com, and some sites recommend blocking it, but this is difficult, as the Internet addresses that this site points to changes with every look up!

Best way of dealing with this: update your signatures of whatever Anti-Virus installation you have and scan all your machines ASAP.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: