
Microsoft updates Malicious Software tool

MSRT can stop new strain of Conficker virus

Microsoft's Malicious Software Removal Tool (MSRT) has been upgraded so it can remove a worm that tries to download malicious software.

Many companies have seen Conficker rapidly spread on their networks over the last few weeks, said Mikko Hypponen, chief research officer for the Finnish security company F-Secure.

F-Secure has analysed the malware and found it contains an algorithm that generates domain names for command-and-control servers. The malware authors can then turn one of those domain names into a live website to which the infected PCs report for updated malware or instructions, he said.

The technique has been used by other botnets, such as Mebroot. It's very difficult to shut down the command-and-control websites, since it's hard to know which ones of hundreds could potentially go live, Hypponen said.

"It's a pretty nasty mechanism," Hypponen said.

F-Secure has registered some of those domain names generated by the algorithm to try to get an estimate of how many computers may be infected. On Tuesday, the number stood at more than 2.5 million. On Wednesday, Hypponen said F-Secure has seen more than 3.5 million machines polling the registered domain name for instructions. But F-Secure analysts think the real number of infected machines could be much higher.
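Because the domain list is generated deterministically, anyone who knows the algorithm can compute the same list and look for machines polling it. The sketch below is an added example, not code from F-Secure or Microsoft: the generator is a constructed stand-in (not Conficker's real algorithm), and the log format, IP addresses and date are constructed for illustration.

```python
import hashlib
from collections import defaultdict
from datetime import date

TLDS = ("com", "net", "org", "info", "biz")  # assumption: TLD set of the stand-in

def candidate_domains(day, count=250):
    """Stand-in date-seeded generator; NOT Conficker's real algorithm.
    count is an assumed list size ("hundreds" per the article)."""
    domains = []
    for i in range(count):
        d = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        label = "".join(chr(97 + b % 26) for b in d[1:9 + d[0] % 4])
        domains.append(f"{label}.{TLDS[d[-1] % len(TLDS)]}")
    return domains

def parse_query(line):
    """Parse 'ISO-timestamp client-ip qtype qname' (constructed log format)."""
    parts = line.split()
    if len(parts) != 4:
        return None  # skip malformed lines instead of crashing
    ts, client, _qtype, qname = parts
    return ts[:10], client, qname.rstrip(".").lower()

def polling_clients(log_lines, days):
    """Map client IP -> generated domains it looked up on the matching day."""
    wanted = {d.isoformat(): set(candidate_domains(d)) for d in days}
    hits = defaultdict(set)
    for line in log_lines:
        rec = parse_query(line)
        if rec is None:
            continue
        day, client, qname = rec
        if qname in wanted.get(day, ()):
            hits[client].add(qname)
    return dict(hits)

def sample_log(day):
    """Constructed resolver log: two clients poll generated names, one does not."""
    c, d = candidate_domains(day), day.isoformat()
    return [f"{d}T09:02:11 10.0.3.17 A {c[0]}",
            f"{d}T09:02:13 10.0.3.17 A {c[41].upper()}.",
            f"{d}T09:05:40 10.0.7.42 A {c[199]}",
            f"{d}T09:06:02 10.0.9.8 A www.example.com",
            "malformed line"]

if __name__ == "__main__":
    day = date(2009, 1, 14)  # arbitrary sample date
    for client, names in sorted(polling_clients(sample_log(day), [day]).items()):
        print(client, len(names), sorted(names))
```

Counting distinct client addresses this way gives only a rough figure, since NAT and changing addresses blur the mapping between addresses and machines.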

Other than infecting computers, Hypponen said F-Secure hasn't seen other malicious activity from Conficker.B's network of computers. However, those machines form a massive botnet that could be used for other havoc.

An earlier version of Conficker tampered with a PC's Domain Name System (DNS) settings. That can cause a computer to visit a different website than the one shown in a browser's address box.

Hypponen said in those instances, Conficker redirected users from Google to Russian websites stuffed with advertisements. The tampering also caused advertising pop-ups to appear. In both examples, Conficker's controllers could be directing masses of traffic to those advertisements in order to generate fraudulent revenue, he said.
