- Discovered: December 30, 2008
- Updated: May 14, 2012 2:18:55 PM
- Also Known As: Worm:W32/Downadup.AL [F-Secure], Win32/Conficker.B [Computer Associates], W32/Confick-D [Sophos], WORM_DOWNAD.AD [Trend], Net-Worm.Win32.Kido.ih [Kaspersky], Conficker.D [Panda Software]
- Type: Worm
- Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
- CVE References: CVE-2008-4250
Antivirus Protection Dates
- Initial Rapid Release version December 30, 2008 revision 021
- Latest Rapid Release version December 27, 2011 revision 007
- Initial Daily Certified version December 30, 2008 revision 024
- Latest Daily Certified version December 27, 2011 revision 017
- Initial Weekly Certified release date December 31, 2008
Threat Assessment
Wild
- Wild Level: Medium
- Number of Infections: 1000+
- Number of Sites: 10+
- Geographical Distribution: Medium
- Threat Containment: Moderate
- Removal: Moderate
Damage
- Damage Level: Medium
- Modifies Files: Modifies the tcpip.sys file.
Distribution
- Distribution Level: Medium
- Shared Drives: Attempts to spread to network shares protected by weak passwords.
- Target of Infection: Spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874).
Writeup By: Sean Kiernan