Talk:Conficker computer worm infections soar

Latest comment: 15 years ago by Xenon54

Don't forget categories. --SVTCobra 20:14, 19 January 2009 (UTC)Reply

Some comments on this article:

Good work, However it still leaves some questions unanswered. It could be better if it:

  • Clarified what the payload of this virus. Does it do anything other than install other badness. What is the nature of the malware it installs
  • Clarified What generate domain names mean. Does it just make a long list of domain names, and chose one?
    • On that note, specify which domain name it actually connects to (the one alleged to be in Ukraine)

Bawolff 23:03, 19 January 2009 (UTC)Reply

  • All any of the sources (and even F-Secure) said was that it downloads "the hacker's files" (as the BBC put it).
  • It makes a long list of names and chooses one. I don't know if it's the same one every time, or if there are several that redirect to the bad domain.
    • The domain name wasn't listed in any of the sources. F-Secure supposedly has found it and is monitoring it (which is why we know how many PCs are infected). The BBC lists several examples, but doesn't list the actual domain, probably to stop Mr Clumsy Clicker from infecting his PC. Xenon54 (talk) 23:28, 19 January 2009 (UTC)Reply
ok. As another side note, Is this a virus or a worm. I think this would technically be a computer worm, not a virus, however most people think they're the same thing. Do we care about what is the technically right name, or should we use what most people refer to it as. Bawolff 02:21, 20 January 2009 (UTC)Reply
Reading more of the sources (specificly [1]), I'm not sure- but it appears it may spread over the internet, as:
  • It attacks windows network shares (thats generally not over the internet, but still over network. If your local network extends over the internet, then perhaps this is over the internet)
  • It creates a webserver on infected machines on a random port in order to propagate itself to other machines. (and then I think it sends out RPC requests using the security vulnrability in Windows RPC stuff to get victim machines to download the worm from the webserver it just created)

It also seems to have a big list of domain names it blocks access to (like anti-virus domains). And it attempts to download other various malware from a domain name generated by the current time (with current time obtained from various websites like google and the w3c). (I think anyways, its possible i misread some of this stuff) Bawolff 02:21, 20 January 2009 (UTC)Reply

I'll go ahead and add some of that. Thanks. Xenon54 (talk) 02:24, 20 January 2009 (UTC)Reply
Return to "Conficker computer worm infections soar" page.