Conficker.e

By GoldSparrow in Worms

Conficker.e not only infects new machines but also updates computers already infected with previous versions of the worm. The worm spreads by exploiting the MS08-067 vulnerability. Conficker.e functions in much the same way as its forerunners, Conficker B++ and Conficker.C. It joins compromised machines to a botnet, a collection of compromised computers running software under a common command-and-control infrastructure. An infected computer might then be used for DDoS attacks and spam attacks. Conficker.e (also known as Downadup) also establishes hidden remote access to the PC.

Registry Details

Conficker.e may create one or more of the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\Parameters\"ServiceDll" = "[PATH TO SECURITY RISK]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\"ImagePath" = %System%\svchost.exe -k netsvcs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" = "rundll32.exe "[RANDOM DLL FILE NAME]", [RANDOM PARAMETER STRING]"
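
A triage check for the three registry patterns listed above, added here as an example and not taken from the original entry. It assumes saved text output of `reg query <key> /s` for the Services and Run keys; the function names, the sample data and the `known_services` baseline (lowercase service names taken from a clean machine of the same build) are hypothetical. Legitimate services share the svchost/ServiceDll shape, so the baseline is what narrows the list.

```python
import re

# `reg query <key> /s` output: key path at column 0, then indented "name    type    data" lines.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
SERVICES = r"hkey_local_machine\system\currentcontrolset\services" + "\\"
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"

# Constructed sample (blank lines between keys omitted); random names and DLLs are placeholders.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\qmgr.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xqzkvd
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xqzkvd\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\Windows\system32\placeholder.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\Windows\system32\ctfmon.exe
    hwjtre    REG_SZ    rundll32.exe "placeholder.dll", abcde
"""

def parse_reg_query(text):
    """Return {lowercased key path: {lowercased value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).lower()] = m.group(3)
    return keys

def triage(text, known_services=frozenset()):
    """List entries shaped like the three registry patterns, minus a known-good baseline."""
    keys, findings = parse_reg_query(text), []
    for path, values in keys.items():
        name = path[len(SERVICES):] if path.startswith(SERVICES) else None
        if name and "\\" not in name:
            # Service hosted by svchost.exe -k netsvcs that also has Parameters\ServiceDll.
            dll = keys.get(path + "\\parameters", {}).get("servicedll")
            hosted = "svchost.exe -k netsvcs" in values.get("imagepath", "").lower()
            if hosted and dll and name not in known_services:
                findings.append(("service", name, dll))
        elif path == RUN_KEY:
            # Per-user Run value that launches a DLL through rundll32.exe.
            findings += [("run", n, d) for n, d in values.items() if "rundll32.exe" in d.lower()]
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE, known_services={"bits"}), sep="\n")
```

Each finding is a candidate for review, not a verdict: check the reported DLL's location, signature and creation time before acting on it.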
