Bookmark and Share
Wenpoint
Google
 
Security Tips
Quick Tips
Anti-Spyware Tips
Security Topics
Malware/Spyware
Spam and Phishing
Rootkit
Learn More
Security F.A.Q.
Ask a question




Home > Security Info > Malware/Spyware >

Malware/Spyware


How Conficker spread?



Research about Conficker indicates that Conficker attacks and spreads itself in the following ways.

  1. It exploits the MS08-067 vulnerability,
  2. It brute forces Administrator passwords on local networks and spreads through ADMIN$ shares and finally
  3. It infects removable devices and network shares by creating a special autorun.inf file and dropping its own DLL on the device.

Conficker might spread through file sharing and via removable drives, such as USB drives (also known as thumb drives). The worm adds a file to the removable drive so that when the drive is used, the AutoPlay dialog will show one additional option.

The Conficker worm can also disable important services on your computer.

In the screenshot of the Autoplay dialog box below, the first option was added by the worm.


The option "Open folder to view files Publisher not specified" was added by the worm. If you select the first option, the worm executes and can begin to spread itself to other computers. The highlighted option Open folder to view files using Windows Explorer is the option that Windows provides and the option you should use.