• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Conficker (AKA Downadup or Kido) Infections Skyrocket To An Estimate 9 Million

January 19, 2009

Views: 10,151

[ad]

There hasn’t been a viral outbreak of this scale for quite some time, Conficker or Downadup as it’s known was only fairly recently discovered (Oct 2008) and has already infected an estimated 9 million machines!

It’s spreading fast though and it auto-updates itself via downloads from random domains making it almost impossible to stop as whatever countermeasures come out, it can just download itself the latest version and bypass them.

It also has multiple infection vectors including traveling via USB drives.

Infections of a worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is “skyrocketing”.

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008. Anti-virus firm F-Secure estimates there are now 8.9m machines infected. Experts warn this figure could be far higher and say users should have up-to-date anti-virus software and install Microsoft’s MS08-067 patch. In its security blog, F-Secure said that the number of infections based on its calculations was “skyrocketing” and that the situation was “getting worse”.

Speaking to the BBC, Graham Cluley, senior technology consultant with anti-virus firm Sophos, said the outbreak was of a scale they had not seen for some time.

The virus targets the services.exe process (Server service) by exploiting the vulnerability associated with the MS08-067 patch.

This was a serious remote execution flaw carried out by making a malformed RPC request, apparently it was reported ‘privately’. But now it seems that perhaps the details of the exploit weren’t that private after all.

According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becomes part of that code.

It then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

Once the worm is up and running, it creates an HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site. Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down. But Conficker does things differently.

It quite advanced even taking system restore out of the picture and downloading new files to update itself and to infect the machine further. It’s sneaky as it downloads from a bunch of seemingly randomly generated URLs making it very difficult to track and stop.

Many machines are infected in China, Brazil, Russia, and India – personally I think this is because piracy is rife in these areas and Microsoft doesn’t allow pirated copies of Windows to use Windows Update (especially with the WGA tool or Windows Genuine Advantage).

Source: BBC News (Thanks Navin)

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Malware Tagged With: conficker, conficker virus, downadup, malware, virus, viruses



Reader Interactions

Comments

  1. navin says

    January 19, 2009 at 5:15 pm

    cheers!! :)

  2. Bogwitch says

    January 19, 2009 at 8:00 pm

    There appears to be some discrepancies at to the true number of infected machines, with some reports citing 500,000 unique IP addresses infected.

    I don’t think it matters too much whether it was reported privately or not; once the hotfix is released it will be diffed to see what was fixed from the previous version. From there it is not difficult to work out how to exploit the vulnerability.

    I am not suprised that such a large number of machines are unpatched, given the WGA. Microsoft is damned if they do and damned if they don’t. If all Windows was patched, there would be little effect from this but that would mean Microsoft would have to accept that there are unlicensed copies out there. As it is, there is now more ammo for the ‘Microsoft is insecure’ brigade due to the fact that Microsoft won’t allow patches for rogue systems.
    That said, I was talking to a guy whose organisation had been hit and their copies of Windows were licensed unfortunately, their patching policy was ‘ineffective’!

  3. Morgan Storey says

    January 20, 2009 at 11:39 pm

    I am of the opinion if you can’t afford/don’t want to pay for windows then go Linux. At least then you get updates, and will have less issues. Windows is good, but if you don’t get updates due to a cracked version then you are part of the problem.
    All my windows machines have this update, and I have seen this virus in the wild on a USB stick, it is a nasty one.

  4. Olafur says

    January 21, 2009 at 10:31 am

    I must say that hackers to day, that do this are insanly smart :P

    But this virus, and every virus. Can they travel to your computer for no reason (saying you didn’t click on a download), like finding your IP and just going into your computer ?
    Just wondering because I haven’t had a virus protection on my computer for the last year and not a single virus, just simple cookies ?

  5. Extremesecurity says

    January 23, 2009 at 10:31 am

    Did Downadup/conficker attack your network? I’ve created a batch file for system administrators to clean/patch/cure infected systems in their networks.

    check it out here:

    http://extremesecurity.blogspot.com/2009/01/beat-downadupconficker-like-pro-my.html

  6. Jhon says

    January 23, 2009 at 5:36 pm

    I have a few friends who have caught this virus as they have found files on their USB that just appeared but when it gets inside your computer as the article says it alters itself. Apparently it uses a complex algorithm that is able to mutate or change makeing it hard to track. But according to the BBC the worst is yet to come. If the hackers decide to use the virus they can take full control over the systems. Thats if they choose to do it.

  7. dblackshell says

    January 25, 2009 at 6:05 pm

    Jhon

    Apparently it uses a complex algorithm that is able to mutate or change makeing it hard to track

    When I read stuff like this it makes me laugh, because If malware authors would have to learn something from virus authors, than they should have learned Polymorphism, Metamorphism.

    As for this case, I quite wonder of the “complexity” of the algorithm. I’m no algorithm guru, but have studied some polymorphic viruses till now, so I would be hardly surprised.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 284

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 493

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 490

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Shell3r - Powerful Shellcode Obfuscator for Offensive Security

Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Views: 687

If antivirus and EDR vendors are getting smarter, so are the tools that red teamers and penetration … ...More about Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Views: 8,457

Introduction: How Much of the Internet Can You See? You're only scratching the surface when you … ...More about Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for forensic investigations and recovery scenarios.

DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux

Views: 468

DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for … ...More about DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (227)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (73)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,291,638)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,069)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,614)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,675)
  • Password List Download Best Word List – Most Common Passwords (933,462)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,130)
  • Hack Tools/Exploits (673,286)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,143)

Search

Recent Posts

  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025
  • Shell3r – Powerful Shellcode Obfuscator for Offensive Security May 2, 2025
  • Understanding the Deep Web, Dark Web, and Darknet (2025 Guide) April 30, 2025
  • DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux April 28, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy