downadup

Many PCs still not patched against Conficker vulnerability

Scott Lewis in our Columbus office has been doing some number crunching, and come up with some disturbing statistics after examining the data produced by Sophos's free endpoint assessment test. The Sophos Endpoint Assessment Test is a free tool that Read more…

New domains and processes blocked by Conficker update

Our analysis of the new Conficker variant that first appeared around a day ago is ongoing. We now know that as well as the executable component, an update to the Conficker DLL in the system32 folder is installed. Initial analysis Read more…

Conficker headline competition - we have a winner!

Thanks to everyone who entered the Conficker news headline competition I was running earlier this week. Here's just a few of the entries: Conficker: world's greatest April Fool's joke or 'digital Pearl Harbor'? Conficker: Doomsday or Rickroll? Brainy worm might Read more…

Conficker-C: A technical analysis

Niall Fitzgibbon and Mike Wood in SophosLabs have written a detailed technical paper analysing the latest version of the Conficker worm. It's an excellent piece of research, but not for the faint-hearted so be sure to be wearing your propeller Read more…

So, who did hype up Conficker?

Charles Arthur has written a curious piece on The Guardian website this morning: "Antivirus companies' worst fears realised as Conficker does... nothing". Charles argues that it was some parts of the anti-virus industry that started the panic, but unfortunately doesn't Read more…

What's the best Conficker news headline you've seen?

The hours are ticking down to April 1st - in fact, in some parts of the world it's already April Fool's Day. (Wave to our friends in eastern Australia and New Zealand!) But Conficker works at its own pace, and Read more…

Conficker's impact on Google Search

No, don't worry - I'm not saying that Conficker has some secret payload that interferes with Google. :) Instead I wanted to point out how a hystericane (also known as a hysteria hurricane, or a frenzy generated by a media Read more…

Video: Conficker and April 1st - what's all the fuss about?

Sean Richmond and Duck in our Sydney office recorded a podcast all about Conficker and April Fool's day. For a bit of fun we added some graphics and fairy dust and turned it into a movie. (Enjoy this video? You Read more…

Hype, April fool's day, and the Conficker worm

"Millions of computers around the world could go into meltdown on April 1 because of a deadly virus." Those are the words from a report in today's soaraway Sun, a British tabloid newspaper. With that kind of talk in a Read more…

Conficker: Why I can't tell you what it will do on April 1st

There's been a lot of media interest in the last few days regarding what the Conficker worm might do on April Fool's Day. Well, here's the bad news. I'm afraid it's not possible for us to analyse any potential payload Read more…

Microsoft offers $250,000 for the head of Conficker's author

Microsoft has announced that it is offering a $250,000 reward for information that leads to the capture and conviction of the authors of the Conficker worm (also known as Downadup or Confick). This development shouldn't surprise anyone. Microsoft's reputation is Read more…

System administrators point the finger at each other over Conficker virus outbreak

You're not a very forgiving bunch are you? :) At least, that's the message I'm getting from the poll we ran overnight. It looks like 30% of you feel that fellow system administrators should shoulder the blame for the recent Read more…

Quick poll: Conficker worm - who is to blame?

The Conficker worm is continuing to make the headlines and create headaches for some system administrators - indeed, it's one of the biggest virus outbreaks we've seen for some time. If you've got two seconds then why not just give Read more…

Passwords used by the Conficker worm

It's not possible to emphasise enough the importance of using sensible passwords on your network. Not just on the areas of your network that you don't want your users to traipse through, but also on the default network shares that Read more…

How to stop the Conficker worm on an unpatched PC

In the last week or so there has been a resurgence in the Conficker worm (called W32/Confick by Sophos's anti-virus products, and also known as Downadup) that we first saw in November. This is probably due to the malware authors Read more…

A Confick of interest

Earlier this week we witnessed the release of a new propagation technique that exploits a recent Microsoft vulnerability in the Windows Server Service. W32/Confick-A uses this security loop-hole to propagate its malicious DLL across user networks, generally making a real Read more…

Conficker worm exploits Microsoft MS08-067 vulnerability

Back in October I warned you about a critical security vulnerability found in some versions of Microsoft Windows. Known as MS08-067, Sophos published information about this serious vulnerability and warned of the potential for worms to be written which Read more…