The first variant of the CONFICKER malware family was seen propagating via the MS08-067 Server service vulnerability back in 2008. Later variants spread to other machines by dropping copies of themselves on removable drives and network shares. What makes CONFICKER notable is that most of these worms are capable of generating hundreds of URLs to connect to: the worm attempts to reach randomly generated URLs, produced by its own domain-generation algorithm, in order to download additional files onto infected systems. Part of the difficulty of removing a CONFICKER infection is its capability to block access to security and antivirus-related websites.

The AUTORUN feature on Windows systems, which is enabled by default, also allowed easy propagation and execution when a CONFICKER-infected USB drive was plugged into a clean machine. In addition, a significant number of machines were never patched for various reasons: some because of piracy, others because they were legacy systems running old programs that were supported only by older Windows operating systems. The CONFICKER infection brought to light many security issues that were later actively addressed by updates in newer Windows operating systems. It also highlighted the need to patch and the need for better management of legacy systems, especially those hooked up to a company's network.

It drops the following copies of itself into the affected system:

This worm adds the following registry entries as part of its installation routine:

It modifies the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
(Note: The default value data of the said registry entry is user-defined.)
(Note: The default value data of the said registry entry is 2.)
(Note: The default value data of the said registry entry is 1.)

This worm connects to the following website(s) to download and execute a malicious file:
Infection Channel: Propagates via network shares, Propagates via software vulnerabilities, Propagates via removable drives
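The entry above describes the worm reaching out to hundreds of domains produced by a domain-generation algorithm. From a defender's side, that behaviour shows up in DNS logs as one client resolving many distinct, unpronounceable names in a short span. The following script is an added example written for this page, not code from the original entry or from any vendor; it scores queried names with two simple lexical features (vowel ratio and Shannon entropy) and flags a client once it has looked up a threshold number of distinct DGA-looking domains. The log format, the domain names, the client addresses and every threshold are constructed assumptions for the demonstration; the names are not real Conficker indicators, and the second-level-label extraction deliberately ignores public-suffix rules.

```python
import math
import re
from collections import defaultdict

# Constructed DNS query log (timestamp, client IP, queried name). These lines
# are made up for the example; the domain names are NOT real Conficker indicators.
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01 10.0.0.15 query www.example.com
2024-05-01T10:00:02 10.0.0.15 query mail.example.com
2024-05-01T10:00:03 10.0.0.15 query updates.vendor-site.test
2024-05-01T10:00:04 10.0.0.42 query qzkxjwvprt.net
2024-05-01T10:00:04 10.0.0.42 query hblmgdtkqwz.org
2024-05-01T10:00:05 10.0.0.42 query b7f2k9q3w1.com
2024-05-01T10:00:05 10.0.0.42 query x1y2z3w4.net
2024-05-01T10:00:06 10.0.0.42 query pqrstvwxz.biz
2024-05-01T10:00:06 10.0.0.42 query qzkxjwvprt.net
2024-05-01T10:00:07 10.0.0.77 query www.example.com
2024-05-01T10:00:08 10.0.0.77 query mnbvcxzlkj.info
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)$")
VOWELS = set("aeiou")

# Thresholds are assumptions chosen for this example, not values from the page.
MIN_LABEL_LEN = 7        # short labels are too noisy to score
MAX_VOWEL_RATIO = 0.2    # pronounceable names usually have more vowels than this
MIN_ENTROPY = 3.6        # bits per character; random mixed alphanumerics score high
MIN_DISTINCT = 5         # distinct suspicious domains before a client is flagged


def parse_line(line):
    """Return (timestamp, client, name) for a log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groups() if m else None


def registered_label(name):
    """Second-level label of a name, e.g. 'example' for www.example.com.
    Simplification: no public-suffix list, so 'co.uk'-style suffixes are not handled."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Shannon entropy of the string in bits per character."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def vowel_ratio(s):
    """Fraction of alphabetic characters that are vowels (0.0 if no letters)."""
    letters = [ch for ch in s if ch.isalpha()]
    if not letters:
        return 0.0
    return sum(ch in VOWELS for ch in letters) / len(letters)


def looks_generated(label):
    """Heuristic: long labels that are vowel-poor or high-entropy resemble DGA output."""
    core = label.replace("-", "")
    if len(core) < MIN_LABEL_LEN:
        return False
    return vowel_ratio(core) < MAX_VOWEL_RATIO or shannon_entropy(core) >= MIN_ENTROPY


def suspicious_domains_by_client(log_text):
    """Map each client to the set of distinct DGA-looking names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue  # skip malformed lines rather than aborting the sweep
        _ts, client, name = parsed
        if looks_generated(registered_label(name)):
            hits[client].add(name.lower())
    return hits


def flag_clients(log_text, min_distinct=MIN_DISTINCT):
    """Clients whose count of distinct DGA-looking domains meets the threshold."""
    hits = suspicious_domains_by_client(log_text)
    return sorted(c for c, doms in hits.items() if len(doms) >= min_distinct)


if __name__ == "__main__":
    for client, doms in sorted(suspicious_domains_by_client(SAMPLE_DNS_LOG).items()):
        print(client, len(doms), sorted(doms))
    print("flagged:", flag_clients(SAMPLE_DNS_LOG))
```

The per-client distinct-domain threshold is what separates a DGA-driven host from a user who mistyped one address: 10.0.0.77 in the sample queries a single odd-looking name and is reported but not flagged, while 10.0.0.42 crosses the threshold. In production the same counting would be done per time window and the lexical test would be combined with NXDOMAIN rates, since most DGA candidates never resolve.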