Advertise

Risk

3/13/2009
09:59 PM

George V. Hulme
Commentary

0 comments
Comment Now

50%

No Fooling: Conficker Set To Strike April 1

Almost two months ago, we noted how antivirus firm F-Secure estimated that the Conficker/Downadup worm had infected nearly 9 million PCs. Today, IT management vendor CA warns that the worm has big plans for April Fools' Day.CA Security reports in this advisory that a new version the Conficker/Downadup worm (official name: Win32/Conficker.C) will attempt to randomly generate 50,000 URLs a day and report back to any one of 500 of them.

The idea is to make it nearly impossible for the URLs to be shut down in time, and reduce the odds of any of the servers it needs to connect to transmit or access data is available. It'll also threaten to make straightforward URL blocking/filtering defenses useless, if not much less effective. We'll see how well the new Conficker works. Hopefully, it doesn't.

This new variant also makes attempts at removing security tools designed to spot and eliminate this critter.

Integrator and security software maker Enigma Software Group has published a free Conficker removal tool, demonstrated in the video below.

The Conficker removal tool can be downloaded from this Web page.

I don't have a Windows virtual machine readied to try this tool. So if you've used it, please drop a note and let us know how well it's worked.

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

Zero Trust for a Work-From Home World

Nip Ransomware in the FUD: Detecting Attacks Pre-Encryption

More Webcasts

White Papers

Osterman Research: Cyber Crisis Response - Fit For Today's Threat Landscape?

How Secure Are Your Endpoints?

More White Papers

Reports

The Malware Threat Landscape

How Data Breaches Affect the Enterprise (2020)

More Reports

Comments

Oldest First | Newest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Editors' Choice

How SolarWinds Busted Up Our Assumptions About Code Signing

Dr. Jethro Beekman, Technical Director, 3/3/2021

'ObliqueRAT' Now Hides Behind Images on Compromised Websites

Jai Vijayan, Contributing Writer, 3/2/2021

Attackers Turn Struggling Software Projects Into Trojan Horses

Robert Lemos, Contributing Writer, 2/26/2021

Live Events

Webinars

Interop Digital - Free Cybersecurity Event April 29

Communications & Collaboration: 2024 (March 9-10)

Network Security for 2021 and Beyond (April 29)

More Informa Tech Live Events

White Papers

Osterman Research: Cyber Crisis Response - Fit For Today's Threat Landscape?

Insider Risk Management: A Better Way to Prevent Data Leaks

Trustwave Global Security Report

Supercharge Incident Response with DDI Visibility

Accelerate Threat Resolutions with DNS

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: Lexi's just checking the fire meets specifications for this years PCI-DinoSS assessment.

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises are Developing Secure Applications

Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-5148
PUBLISHED: 2021-03-05

SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall a...

CVE-2020-36255
PUBLISHED: 2021-03-05

An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.

CVE-2019-18351
PUBLISHED: 2021-03-05

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijac...

CVE-2021-27963
PUBLISHED: 2021-03-05

SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.

CVE-2021-27964
PUBLISHED: 2021-03-05

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]