Conficker Worm Patch Download


If the machines are not rebooted, they will continue to generate traffic. If rebooting does not help, it is possible that the MS08-067 patch either is not installed or has been patched by Conficker itself, in which case it will need re-installing.


Severe Detected with Windows Defender Antivirus

Aliases: TA08-297A (other), CVE-2008-4250 (other), VU827267 (other), Win32/Conficker.A (CA), Mal/Conficker-A (Sophos), Trojan.Win32.Agent.bccs (Kaspersky), W32.Downadup.B (Symantec), Trojan-Downloader.Win32.Agent.aqfw (Kaspersky), W32/Conficker.worm (McAfee), Trojan:Win32/Conficker!corrupt (Microsoft), W32.Downadup (Symantec), WORM_DOWNAD (Trend Micro), Confickr (other)

Summary

Microsoft security software detects and removes this threat.

This family of worms can disable several important Windows services and security products. They can also download files and run malicious code on your PC if you have file sharing enabled.

Conficker worms infect PCs across a network by exploiting a vulnerability in a Windows system file. This vulnerability is described and fixed in Security Bulletin MS08-067.

Some worms can also spread via removable drives and by using common passwords.


Find out ways that malware can get on your PC.

  • Apply the update in Security Bulletin MS08-067.
  • Apply the update in Microsoft Knowledgebase Article KB971029.
  • Change your passwords, and make them strong.

Use the following free Microsoft software to detect and remove this threat:

  • Windows Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista

You should also run a full scan. A full scan might find other, hidden malware.

Additional recovery steps

You might not be able to connect to websites related to security applications and services that can help you remove this worm.

Microsoft Help and Support have provided a detailed guide to removing a Conficker infection from an infected PC, either manually or by using the Malicious Software Removal Tool (MSRT).

More information about deploying MSRT in an enterprise environment can be found here:


Threat behavior

Variant comparison

There are several variants of Conficker, summarized in the table below. Also see the individual descriptions for each variant for more information.

Worm:Win32/Conficker.A
  Discovered date: 21 November 2008
  Payload trigger date: 25 November 2008
  Spreads by: Exploits the vulnerability outlined in Security Bulletin MS08-067
  Payload:
    • Generates 250 URLs daily that it checks for updates
    • Resets System Restore Point

Worm:Win32/Conficker.B
  Discovered date: 29 December 2008
  Payload trigger date: 1 January 2009
  Spreads by: Same as .A variant, plus:
    • Network shares with weak passwords
    • Mapped and removable drives
    • Uses a scheduled task to run copies of the worm on targeted PCs
  Payload: Same as .A variant (although with a different way of generating URLs), plus:
    • Blocks access to many security-related websites
    • Changes your PC's settings
    • Stops system and security services

Worm:Win32/Conficker.C
  Discovered date: 20 February 2009
  Payload trigger date: 1 January 2009
  Spreads by: Same as .B variant.
  Payload: Same as .A and .B variants, plus:
    • Additional method for downloading files that uses peer-to-peer communications
    • Adds checks to verify the authenticity/validity of content targeted for download

Worm:Win32/Conficker.D
  Discovered date: 4 Mar 2009
  Payload trigger date: 1 April 2009
  Spreads by: Spreading functionality removed. Distributed as an update to PCs already infected with the .B and .C variants.
  Payload: Same as .A and .B variants, plus:
    • Generates 50,000 URLs to download files from, but only visits 500 within a 24-hour period
    • Expands on efforts to hinder its removal from your PC:
      • Stops more system and security services
      • Blocks more security-related websites

Worm:Win32/Conficker.E
  Discovered date: 8 April 2009
  Payload trigger date: No date
  Spreads by: Spreading functionality added. Same as .A variant, plus:
    • Network shares with weak passwords
  Payload:
    • Blocks access to many security-related websites
    • Changes your PC's settings
    • Stops system and security services
    • Deletes itself on May 3

The name of this family was derived from trafficconverter.biz, a string found in the Worm:Win32/Conficker.A variant.

Prevention

Take these steps to help prevent infection on your computer.

The following could indicate that you have this threat on your PC:

  • The following services are disabled or fail to run:
    Background Intelligent Transfer Service
    Error Reporting Service
    Windows Defender
    Windows Error Reporting Service
    Windows Security Center Service
    Windows Update Auto Update Service

  • Some accounts might be locked due to the following registry modification, which might flood the network with connections:
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    'TcpNumConnections' = '0x00FFFFFE'

  • You might not be able to connect to websites or online services that contain the following:
    ahnlab
    arcabit
    avast
    avira
    castlecops
    centralcommand
    clamav
    comodo
    computerassociates
    cpsecure
    defender
    drweb
    emsisoft
    esafe
    eset
    etrust
    ewido
    f-prot
    f-secure
    fortinet
    gdata
    grisoft
    hacksoft
    hauri
    ikarus
    jotti
    k7computing
    kaspersky
    malware
    mcafee
    microsoft
    networkassociates
    nod32
    norman
    norton
    panda
    pctools
    prevx
    quickheal
    rising
    rootkit
    securecomputing
    sophos
    spamhaus
    spyware
    sunbelt
    symantec
    threatexpert
    trendmicro
    virus
    wilderssecurity
    windowsupdate
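
The symptoms listed above can be checked on a single host with a short script. This is an added example, not part of the original page: the service short names are assumed mappings for the display names in the list, and the DNS test assumes the website block shows up as a name-resolution failure.

```powershell
# Added example: checks the local Windows host for the symptoms listed above.
# Service short names are assumed mappings for the display names on this page.
$services = [ordered]@{
    BITS      = 'Background Intelligent Transfer Service'
    ERSvc     = 'Error Reporting Service'
    WinDefend = 'Windows Defender'
    WerSvc    = 'Windows Error Reporting Service'
    wscsvc    = 'Windows Security Center Service'
    wuauserv  = 'Windows Update Auto Update Service'
}
$findings = @()

foreach ($name in $services.Keys) {
    # Win32_Service.StartMode works where older Get-Service output has no StartType.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) { continue }                      # not present on this OS version
    if ($svc.StartMode -eq 'Disabled') {
        $findings += "Disabled: $($services[$name]) ($name)"
    } elseif ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running') {
        $findings += "Automatic but not running: $($services[$name]) ($name)"
    }
}

# Registry change described on this page.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$tcp = Get-ItemProperty -Path $key -Name TcpNumConnections -ErrorAction SilentlyContinue
if ($tcp -and $tcp.TcpNumConnections -eq 0x00FFFFFE) {
    $findings += 'TcpNumConnections is set to 0x00FFFFFE'
}

# Name resolution (assumption: the block appears as a lookup failure).
# A control name must resolve first; the test names contain listed substrings
# and are illustrative choices, not taken from this page.
function Test-Resolves([string]$HostName) {
    try { [void][System.Net.Dns]::GetHostAddresses($HostName); $true } catch { $false }
}
if (Test-Resolves 'www.example.com') {
    foreach ($h in 'www.microsoft.com', 'www.clamav.net') {
        if (-not (Test-Resolves $h)) { $findings += "Cannot resolve $h" }
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'None of the listed symptoms were found on this host.'
}
```

An automatic service that is stopped is only a prompt for a closer look, since trigger-start services stop when idle. Several findings together on one host carry more weight than any single one.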

IRVINE, Calif.--(BUSINESS WIRE)--In response to Conficker, a breed of self-updating worms that is difficult to avoid, researchers at eEye Digital Security (www.eeye.com) have devised a Conficker detection engine that centers on running a network scan to detect hosts compromised by or vulnerable to Conficker. As a proactive measure to protect users, starting today, organizations can download from eEye a free utility built around the company’s Retina Network Security Scanner. It detects hosts that are compromised by this latest worm and malicious botnet, or that do not have MS08-067 applied; exploiting that missing patch is the most effective propagation technique that Conficker uses.


The Retina Utility from eEye can be downloaded at: http://www.eeye.com/html/downloads/other/ConfickerScanner.html.

The Conficker worm utilizes a variety of attack vectors to transmit and receive payloads, including: software vulnerabilities (e.g. MS08-067), portable media devices (e.g. USB thumb drives and hard drives), as well as leveraging endpoint weaknesses (e.g. weak passwords on network-enabled systems). The Conficker worm will also spawn remote access backdoors on the system and attempt to download additional malware to further infect the host.

“The Conficker worm represents predictions eEye has been making for years,” said eEye CEO Kamal Arafeh. “Blended threats can take advantage of a missing patch, propagate through a USB key, create a silent but crippling peer-to-peer network, and provide the stealthiest capabilities of a botnet using complex command and control methods. eEye Research has developed solutions to protect against these threats as monolithic entities and when combined, our solutions are very effective in identifying and stopping the propagation of blended threats such as Conficker.”

The Retina Network Security Scanner thwarts network exploits and data loss attacks by analyzing specific pieces of operating systems, applications, and policies. The tool identifies high-risk host components and determines how malware such as the forthcoming Conficker worm can potentially leverage systems for malicious activity due to missing patches, poor configurations, and vulnerabilities.

In addition to the detection of the Conficker worm, eEye Digital Security's Blink Endpoint Protection Platform can effectively protect hosts, even if they are not patched, from the propagation of this worm. Using protocol-based IPS analyzers, Blink can detect and stop the malicious traffic associated with MS08-067 and block the worm from self-propagating. For installations that are already infected, Blink's multi-layer antivirus engine will remove the Conficker worm and provide protection until a permanent remediation is performed on the host.

System Requirements to download eEye Retina Utility for Conficker:

  • Operating System: Windows 2000/XP/2003
  • Internet Explorer Version 5.01 or higher
  • System RAM: 128 MB
  • Storage: 20 MB

Related Links & Resources:

The HoneyNet Project: http://www.honeynet.org/papers/conficker/

Felix Leder and Tillmann Werner Analysis: http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker

Microsoft Advisory - 967940: http://www.microsoft.com/technet/security/advisory/967940.mspx


Microsoft Malware Protection Center: http://tinyurl.com/absz6f


Microsoft Security Bulletin MS08-067: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

SANS - Internet Storm Center: http://isc.sans.org/diary.html?storyid=5860

Shadowserver Foundation: http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090212

About eEye Digital Security

eEye Digital Security is a leader in vulnerability management, endpoint security, anti-virus software and IT security research. The company’s advanced security solutions help technology professionals protect the networks and digital assets of more than 9,000 corporate and government organizations worldwide. Founded in 1998, eEye Digital Security is headquartered in Orange County, California. For more information, please visit www.eEye.com.


All trademarks contained within this press release are the sole property of their respective owners and are hereby acknowledged.