jump to navigation

Conficker Goes Active April 9, 2009

Posted by baldricman in News, Tech.
Tags: , , ,

Last week Deems posted about the Conficker worm that was set to strike on April 1st. Researchers, at the time, reminded us that the virus probably wouldn’t “go active”, at least not overtly, but would be more likely to wait it out a little longer till all the hype died down.

And so yesterday, at just over a week after its “wake-up”, Conficker started making some rustling noises in the bush. From an article at JCXP:

Researchers at Trend Micro have been tracking the worm since its discovery, and found that yesterday, the worm had awakened, and was dumping mysterious payloads on to victim’s computers. The payloads, suspected to be keyloggers of some sort, comes in the form of a .sys file, hidden behind a complex rootkit. Due to heavy encryption, researchers are having a difficult time analyzing the code of the program.

If your anti-virus and anti-spyware tools didn’t block it or cannot remove it (because the worm attempts to disable these tools), see the manual-removal instructions here.


1. James - April 9, 2009


Good article. Sophos’ Conficker removal tool can detect and remove all variants of the worm/virus.

As long as people run these tools it should stop any serious outbreak.


baldricman - April 9, 2009

thanks for stopping by James, and thanks for the link.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: