Tuesday, December 21, 2010

Conficker Worm: What Can It Do?

If you have installed the latest security updates and have an up-to-date anti-virus, then you are probably protected from Conficker.
Win32/Conficker.B might spread through file sharing and via removable drives, such as USB drives. It adds a malicious file to the removable drive so that when the drive is used, the AutoPlay dialog box shows one additional option. The option "Open folder to view files — Publisher not specified" is the one added by the worm. The Conficker worm can also disable important services on your computer.



Once this worm infects a computer, its malicious activities include:
  •      Extracts all of its files to the %System% directory with random DLL file names, which can wreak havoc on your computer.
  •      Deletes the user's Restore Points.
  •      Registers a service called Netsvcs.
  •      Creates scheduled tasks that execute all of the DLL files.
  •      Creates its own simple HTTP server on the infected computer and spreads the worm to other computers in the network through file shares.
  •      Creates an Autorun.inf file in file shares to execute the worm files once the share is accessed by another computer.
  •      Connects to external sites to download additional files.
  •      Blocks access to security-related sites.
  •      Locks users out of the directory.
  •      Sends traffic through port 445 on non-Directory Service (DS) servers.
  •      Denies access to administrator shared drives.
  •      Places autorun.inf files in the recycled directory, or trash bin.
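
A defender's check for the autorun.inf behaviour described above, written as an added example that is not part of the original post: it parses an autorun.inf and reports the traits the post mentions (the fake "Open folder to view files" option and a payload kept in the recycle bin folder). The sample file contents, the recycle folder names and the rundll32 heuristic are assumptions made for illustration.

```python
import re

# autorun.inf keys that make Windows launch a program from the drive.
EXEC_KEYS = {"open", "shellexecute", "shell\\open\\command"}
# Text the post says the worm adds to the AutoPlay dialog.
LURE = "open folder to view files"
# Assumption: common names of the recycle bin folder on a drive root.
RECYCLE_DIRS = ("recycler", "recycled", "$recycle.bin")

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        m = re.match(r"^([A-Za-z\\]+)\s*=\s*(.+)$", line)
        if in_section and m:
            entries[m.group(1).lower()] = m.group(2).strip()
    return entries

def assess(text):
    """Return a list of reasons this autorun.inf deserves investigation."""
    e = parse_autorun(text)
    findings = []
    commands = [v for k, v in e.items() if k in EXEC_KEYS]
    # A launch command hidden behind text that imitates the normal folder option.
    if LURE in e.get("action", "").lower() and commands:
        findings.append("action text imitates the built-in folder option")
    for cmd in commands:
        low = cmd.lower()
        if "rundll32" in low:  # assumption: DLL payloads are started this way
            findings.append("launches a DLL through rundll32")
        if any(d in low for d in RECYCLE_DIRS):
            findings.append("payload path is inside the recycle bin folder")
    return findings

# Constructed samples (not taken from a real infection).
SUSPICIOUS = """\
;padding line that is not a valid entry
[AutoRun]
Action=Open folder to view files
ShellExecute=rundll32.exe .\\RECYCLER\\S-0-0-0\\example.dat,Entry
"""
BENIGN = "[autorun]\nicon=setup.ico\nlabel=Install Disc\n"

if __name__ == "__main__":
    print(assess(SUSPICIOUS))
    print(assess(BENIGN))
```

An empty list means none of these traits were found; it does not prove the drive is clean.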
