Archive for the 'downadup' Category
It has been 1,000 days since the Conficker worm first appeared on November 21, 2008. For the first two months after its initial appearance we received a trickle of reports through our ThreatSense.NET telemetry system. By January of 2009 that had become a flood, and then a deluge, as this “super worm” rose to meteoric … Read More…
ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET's ThreatSense.Net™ cloud. You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site. While the report identifies a number … Read More…
Larry Seltzer, one of the better commentators on malware issues, has picked up on the disparity between ESET’s naming of the latest variant and Symantec’s – they call it W32.Downadup.E. Richard Adhikari (who also seems to be pretty clueful) also picked up on the naming issue when we exchanged emails a few days ago.
This issue kind … Read More…
So now for a little more tech detail on Win32/Conficker.AQ (kindly supplied by Juraj Malcho at our labs in Europe – however, if I get anything wrong, that will almost certainly be down to my faulty interpretation!)
The new variant has two main components. The server component is an .EXE that infects vulnerable PCs in the … Read More…
I wondered why a newsletter from “Windows Secrets” got flagged as spam. It is because they have reduced themselves to as much.
Near the top of the newsletter it proclaimed:
Remove the Conficker worm: register now
Conficker is one of the worst viruses in history and has infected over 15 million PCs. We are offering a special … Read More…
…as I write, it’s past midnight here in the UK. In some parts of the world it’s already been April 1st for nearly 14 hours.
I have yet to hear any reports of melted PCs, disappearing internets, or institutions DDoS-ed into insolvency by Conficker.
I’ve just received email from a colleague in Sydney, where it’s business as usual, … Read More…
In an apparent effort to cause British commuters to miss their trains, Chinese hackers have ordered the Conficker.C botnet to randomly change the time on the venerable and vulnerable Big Ben. This has caused millions of Londoners to be late for work this morning.
Hey, this is no more ridiculous than trying to protect against Conficker. … Read More…
I can already hear a chorus of "Not ANOTHER Conficker blog?", but some of you will want to know about this development.
The Honeynet Project has announced a new scanning tool for detecting Conficker, which gives network and system administrators a very handy extra tool for detecting Conficker activity on their networks.
Furthermore, the tool … Read More…
[Update: it seems that people who missed the whole MS-DOS/having fun with the C> prompt and batchfiles thing are still struggling with the fact that vendors are releasing cleaning tools that are really command-line tools, so some step-by-step notes are added below.]
I’m sure you’re almost as bored with this issue as I am with the BBC. … Read More…
It appears there are interesting developments in the Conficker/Downadup development front. Peter Coogan of Symantec describes here a variant that doesn’t appear to be interested in infecting new machines, rather more so in updating and protecting itself on systems already infected with previous variants.
(And, yes, ESET’s ThreatSense technology does already detect it heuristically!)
It seems to have two … Read More…