More details about Conficker!

Hi malware fighters,

The makers of the Conficker worm malware are very advanced malcreants: http://www.dshield.org/diary.html?storyid=5842

polonus


While much of that is a little beyond my understanding, it is still an interesting read.

It’s too bad people who are so smart use their knowledge for evil.


Well I would guess that some of the malware writers are Security professionals who are now unemployed because of the world’s economy going downhill.

Hi CharleyO,

About what the infested machines are going to be used for:
http://matchent.com/wpress/?q=node/437

Conficker removal
http://www.pchubs.com/blogs/conficker-worm-removal-process-and-new-information-on-conficker

How do I know that I am infected?
The worm creates the following service:

* Name: netsvcs
* Path: %SystemRoot%\system32\svchost.exe -k netsvcs

The following registry addition is made by the worm:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsvcs\Parameters\"ServiceDll" = “[PathToWorm]”

Solution
To prevent this worm from infecting, it is important to install the Microsoft patch:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Through the Symantec removal tool the worm can be cleansed from your PC:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
First remove the worm with the Symantec patch and then run the Windows Update or Microsoft patch.

Has your computer been infected with Conficker? Then you no longer have the opportunity to download an up-to-date version of the Malicious Software Removal Tool (MSRT) through Microsoft’s website. To use this software anyway you can get the same software here:
http://www.waarschuwingsdienst.nl/download/windows-kb890830-v2.7.exe

The md5 checksum of this file is: 6c231da7abf5a27792344f9581b8b05b

It is also important to realize that an infection with Conficker through a USB-stick/pendrive always stays a possibility; even when you have installed Microsoft's latest updates, your PC can get infected. Well, the installation of the most recent updates makes this infection less likely, and using your PC with only user rights also diminishes this risk…because the worm cannot infect you automatically…

http://www.secureworks.com/research/threats/downadup-removal/?threat=downadup-removal

pol
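
The two checks from the post above (the netsvcs service key with its ServiceDll value, and the MD5 of the downloaded removal tool), as an added PowerShell example that is not part of the original thread. The key path, value name and checksum are taken from the post; the function names and the local download path are assumptions.

```powershell
# Added example. Key path, value name and MD5 come from the post above;
# function names and the local download path are assumptions.
$ServiceKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\netsvcs'
$ExpectedMd5 = '6c231da7abf5a27792344f9581b8b05b'

function Get-NetsvcsServiceIndicator {
    $result = [ordered]@{ KeyPresent = $false; Readable = $true; ImagePath = $null; ServiceDll = $null }
    try {
        if (-not (Test-Path -LiteralPath $ServiceKey)) { return [pscustomobject]$result }
        $result.KeyPresent = $true
        # ImagePath should read "%SystemRoot%\system32\svchost.exe -k netsvcs" per the post.
        $svc = Get-ItemProperty -LiteralPath $ServiceKey -ErrorAction Stop
        $result.ImagePath = $svc.ImagePath
        $paramKey = Join-Path $ServiceKey 'Parameters'
        if (Test-Path -LiteralPath $paramKey) {
            $params = Get-ItemProperty -LiteralPath $paramKey -ErrorAction Stop
            $result.ServiceDll = $params.ServiceDll   # the "[PathToWorm]" value from the post
        }
    } catch {
        # The key could not be read (for example access denied): report that, do not treat it as clean.
        $result.Readable = $false
    }
    [pscustomobject]$result
}

function Test-MsrtDownload {
    param([Parameter(Mandatory)][string]$Path)
    # Get-FileHash returns upper-case hex; string -eq is case-insensitive in PowerShell.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    [pscustomobject]@{ Path = $Path; Md5 = $actual.ToLower(); Matches = ($actual -eq $ExpectedMd5) }
}

$indicator = Get-NetsvcsServiceIndicator
$indicator | Format-List
if ($indicator.KeyPresent) {
    Write-Warning 'A service key named netsvcs exists; inspect the ServiceDll path shown above.'
}
if (-not $indicator.Readable) {
    Write-Warning 'The service key could not be read completely; check its permissions from an elevated session.'
}

$download = '.\windows-kb890830-v2.7.exe'   # assumed local path of the downloaded tool
if (Test-Path -LiteralPath $download) {
    Test-MsrtDownload -Path $download | Format-List   # run the file only if Matches is True
}
```

Run it from an elevated PowerShell prompt so the Services key can be read.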


No problems here as I am always fully updated. :wink:

Another interesting read, Polonus … thanks. :slight_smile: