1218:
124:
914:. This new pull mechanism (which was disabled until April 1, 2009) is unlikely to propagate payloads to more than 1% of infected hosts per day, but is expected to function as a seeding mechanism for the virus's peer-to-peer network. The shorter generated names, however, are expected to collide with 150–200 existing domains per day, potentially causing a
255:). Microsoft analyst Joshua Phillips gives an alternative interpretation of the name, describing it as a rearrangement of portions of the domain name trafficconverter.biz (with the letter k, not found in the domain name, added as in "trafficker", to avoid a "soft" c sound) which was used by early versions of Conficker to download updates.
1377:
is the probable origin of the virus, but declined to reveal further technical discoveries about the virus's internals to avoid tipping off its authors. An initial variant of
Conficker did not infect systems with Ukrainian IP addresses or with Ukrainian keyboard layouts. The payload of Conficker.E was
909:
and registrations for these domains. Variant D counters this by generating daily a pool of 50,000 domains across 110 TLDs, from which it randomly chooses 500 to attempt for that day. The generated domain names were also shortened from 8–11 to 4–9 characters to make them more difficult to detect with
207:, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003
387:
Five variants of the
Conficker virus are known and have been dubbed Conficker A, B, C, D and E. They were discovered 21 November 2008, 29 December 2008, 20 February 2009, 4 March 2009 and 7 April 2009, respectively. The Conficker Working Group uses namings of A, B, B++, C, and E for the same
383:
techniques used by
Conficker have seen past use or are well known to researchers, the virus's combined use of so many has made it unusually difficult to eradicate. The virus's unknown authors are also believed to be tracking anti-malware efforts from network operators and law enforcement and have
223:
Estimates of the number of infected computers were difficult because the virus changed its propagation and update strategy from version to version. In
January 2009, the estimated number of infected computers ranged from almost 9 million to 15 million. Microsoft has reported the total number of
1478:
to prevent
Variant B of the virus from spreading through removable media. Prior to the release of Microsoft knowledgebase article KB967715, US-CERT described Microsoft's guidelines on disabling Autorun as being "not fully effective" and provided a workaround for disabling it more effectively.
1420:
Many third-party anti-virus software vendors have released detection updates to their products and claim to be able to remove the worm. The evolving process of the malware shows some adoption to the common removal software, so it is likely that some of them might remove or at least disable some
1015:
as their hash function and increase the size of the RSA key to 4096 bits. Conficker B adopted MD6 mere months after it was first published; six weeks after a weakness was discovered in an early version of the algorithm and a new version was published, Conficker upgraded to the new MD6.
214:
Despite its wide propagation, the worm did not do much damage, perhaps because its authors – believed to have been
Ukrainian citizens – did not dare use it because of the attention it drew. Four men were arrested, and one pled guilty and was sentenced to four years in prison.
1391:
believed that the criminals abandoned
Conficker after it had spread much more widely than they assumed it would, reasoning that any attempt to use it would draw too much attention from law enforcement worldwide. This explanation is widely accepted in the cybersecurity field.
2657:
2618:
1395:
In 2011, working with the FBI, Ukrainian police arrested three
Ukrainians in relation to Conficker, but there are no records of them being prosecuted or convicted. A Swede, Mikael Sallnert, was sentenced to 48 months in prison in the U.S. after a guilty plea.
1404:
Due to the lock of the virus files against deletion as long as the system is running, the manual or automatic removal itself has to be performed during boot process or with an external system installed. Deleting any existing backup copy is a crucial step.
302:
on
October 23, 2008 to close the vulnerability, a large number of Windows PCs (estimated at 30%) remained unpatched as late as January 2009. A second variant of the virus, discovered in December 2008, added the ability to propagate over LANs through
224:
infected computers detected by its antimalware products has remained steady at around 1.7 million from mid-2010 to mid-2011. By mid-2015, the total number of infections had dropped to about 400,000, and it was estimated to be 500,000 in 2019.
942:
to NetBIOS-related DLLs to close MS08-067 and watch for re-infection attempts through the same vulnerability. Re-infection from more recent versions of
Conficker are allowed through, effectively turning the vulnerability into a propagation
1935:
884:(PRNG) seeded with the current date to ensure that every copy of the virus generates the same names each day. The virus then attempts an HTTP connection to each domain name in turn, expecting from any of them a signed payload.
1383:
1902:
323:
computer network, was infected with Conficker on 15 January 2009. The network was subsequently quarantined, forcing aircraft at several airbases to be grounded because their flight plans could not be downloaded.
2035:
1028:", which locks it from deletion even if the user is granted with administrator privileges. The virus stores a backup copy of this DLL disguised as a .jpg image in the Internet Explorer cache of the user
3021:
2224:
1160:
On 12 February 2009, Microsoft announced the formation of an industry group to collaboratively counter Conficker. The group, which has since been informally dubbed the Conficker Cabal, includes
353:
City Council's IT system caused an estimated £1.5m worth of disruption in February 2009. The use of USB flash drives was banned, as this was believed to be the vector for the initial infection.
918:(DDoS) on sites serving those domains. However the large number of generated domains and the fact that not every domain will be contacted for a given day will probably prevent DDoS situations.
1926:
1067:
Variant E of the virus was the first to use its base of infected computers for an ulterior purpose. It downloads and installs, from a web server hosted in Ukraine, two additional payloads:
2993:
2435:
2193:
2956:
360:
on 24 March 2009 that it had been infected with the virus. The memo, which was subsequently leaked, called for users to avoid connecting any unauthorised equipment to the network.
3836:
3053:
2301:
1893:
3510:
295:
Beta. While Windows 7 may have been affected by this vulnerability, the Windows 7 Beta was not publicly available until January 2009. Although Microsoft released an emergency
3460:
2547:
1055:. Processes matching a predefined list of antiviral, diagnostic or system patching tools are watched for and terminated. An in-memory patch is also applied to the system
3303:
2844:
1969:
3341:
2029:
3896:
3271:
2628:
1361:
By mid-April 2009 all domain names generated by Conficker A had been successfully locked or preemptively registered, rendering its update mechanism ineffective.
848:
To start itself at system boot, the virus saves a copy of its DLL form to a random filename in the Windows system or system32 folder, then adds registry keys to have
3363:
2807:
1872:
2728:
3246:
2067:
778:
Variants A, B, C and E exploit a vulnerability in the Server Service on Windows computers, in which an already-infected source computer uses a specially-crafted
2914:
2691:
2665:
1532:
2006:
1841:
3031:
3715:
1680:
2579:
2474:
1387:, a classified, peer-reviewed U.S. government cybersecurity publication, that they tracked the malware to a group of Ukrainian cybercriminals. Porras
2252:
3777:
2218:
1556:
2368:
2339:
1330:
domains expected to be generated by the virus over the following five weeks. NASK has also warned that worm traffic may unintentionally inflict a
2978:
2420:
2178:
1275:
ccTLD registry, blocked all the domain names informed by the Conficker Working Group and reviewed a hundred already registered from the worm list.
4397:
4027:
3959:
1471:
2093:
1715:
4729:
4371:
3188:
2397:
1493:
4022:
3119:
2121:
1421:
variants, while others remain active or, even worse, deliver a false positive to the removal software and become active with the next reboot.
3219:
3156:
3084:
1255:
250,000 reward for information leading to the arrest and conviction of the individuals behind the creation and/or distribution of Conficker.
2946:
4755:
4750:
4562:
3846:
3756:
1750:
2280:
2149:
1637:
4745:
4647:
4492:
3512:
Microsoft Collaborates With Industry to Disrupt Conficker Worm (Microsoft offers $ 250,000 reward for Conficker arrest and conviction.)
3063:
2307:
1381:
In 2015, Phil Porras, Vinod Yegneswaran and Hassan Saidi – who were the first to detect and reverse-engineer Conficker – wrote in the
3994:
3520:
1181:
4963:
4642:
4450:
3574:
3405:
1812:
1279:
3963:
1319:
4579:
3637:
2557:
1409:
1117:
3452:
3373:
3633:
1959:
1781:
1297:
868:
over the network. These payloads are used by the virus to update itself to newer variants, and to install additional malware.
357:
2850:
2817:
2738:
3599:
371:
as a precautionary measure; during that time, officers had to ask other forces to run routine checks on vehicles and people.
3335:
3902:
3281:
3090:
2924:
2117:
Microsoft Security Bulletin MS08-067 – Critical; Vulnerability in Server Service Could Allow Remote Code Execution (958644)
1479:
US-CERT has also made a network-based tool for detecting Conficker-infected hosts available to federal and state agencies.
1441:, allowing researchers to imitate the virus network's command packets and positively identify infected computers en-masse.
328:
3313:
2769:
2701:
1412:
to remove the virus, then applying the patch to prevent re-infection. Newer versions of Windows are immune to Conficker.
1346:
331:
reported that some of its major systems and desktops were infected. The virus had spread across administrative offices,
4364:
4048:
3659:
3874:
3815:
4574:
4502:
4094:
4044:
3483:
1862:
1578:
3931:
3541:
3430:
733:
Scans for and terminates processes with names of anti-malware, patch or diagnostic utilities at one-second intervals
668:
Scans for and terminates processes with names of anti-malware, patch or diagnostic utilities at one-second intervals
4834:
4673:
4017:
388:
variants respectively. This means that (CWG) B++ is equivalent to (MSFT) C and (CWG) C is equivalent to (MSFT) D.
263:
The first variant of Conficker, discovered in early November 2008, propagated through the Internet by exploiting a
3240:
2057:
810:
process. Attaching to those processes might be detected by the application trust feature of an installed firewall.
798:
between 1024 and 10000; the target shellcode connects back to this HTTP server to download a copy of the virus in
3990:
3094:
1007:-signed with a 1024-bit private key. The payload is unpacked and executed only if its signature verifies with a
825:
is attempted, potentially generating large amounts of network traffic and tripping user account lockout policies.
3693:
1998:
1835:
966:
for subsequent transfers of signed payloads. To make analysis more difficult, port numbers for connections are
199:
that was first detected in November 2008. It uses flaws in Windows OS software (MS08-067 / CVE-2008-4250) and
4066:
1670:
5102:
4402:
4392:
4357:
3725:
1304:
963:
881:
2466:
5097:
4466:
3568:
2883:
2589:
2516:
911:
3123:
1550:
1459:
2329:
1059:
DLL to block lookups of hostnames related to antivirus software vendors and the Windows Update service.
335:
desktops aboard various Royal Navy warships and Royal Navy submarines, and hospitals across the city of
4589:
4569:
3146:
1227:
346:, the unified armed forces of Germany, reported that about one hundred of its computers were infected.
4765:
3787:
2362:
2246:
2089:
1508:
1503:
887:
Variant B increases the number of TLDs to eight, and has a generator tweaked to produce domain names
364:
264:
3178:
311:. Researchers believe that these were decisive factors in allowing the virus to propagate quickly.
5107:
4839:
4787:
4599:
4338:
2115:
1746:
1408:
Microsoft released a removal guide for the virus, and recommended using the current release of its
928:
368:
3209:
3098:
4906:
4865:
4614:
1705:
1125:
1078:
otherwise known to propagate through e-mail attachments. Waledac operates similarly to the 2008
1052:
1044:
1040:
1008:
1738:
1433:
discovered that Conficker-infected hosts have a detectable signature when scanned remotely. The
4932:
4927:
4518:
4497:
3746:
1629:
1603:
959:
292:
4308:
5020:
4922:
4896:
4637:
4132:
4087:
3955:
Technical Cyber Security Alert TA09-020A: Microsoft Windows Does Not Disable AutoRun Properly
1445:
1267:
registries affected by the virus's domain generator. Those which have taken action include:
996:
779:
2389:
4958:
4471:
4333:
3984:
1252:
951:
944:
902:
814:
799:
2274:
2143:
836:(such as USB flash drives), from which they can then infect new hosts through the Windows
8:
4663:
3276:
1438:
1370:
1307:
registry, announced it was "taking action to protect internet addresses with the endings
288:
284:
165:
157:
3395:
1234:
Please help update this article to reflect recent events or newly available information.
4781:
4434:
4323:
3953:
3184:
1710:
1141:
1131:
1000:
954:
to push and pull payloads over the wider Internet. This aspect of the virus is heavily
932:
865:
356:
A memo from the Director of the UK Parliamentary ICT service informed the users of the
238:
1024:
The DLL- Form of the virus is protected against deletion by setting its ownership to "
4557:
4487:
4313:
4272:
4040:
1293:
ccTLD registry, blocked all the domain names informed by the Conficker Working Group.
939:
822:
299:
242:
200:
193:
1804:
1771:
367:
computer network was infected, leading to its disconnection for three days from the
4523:
4328:
4293:
4080:
4032:
1455:
1430:
1282:, the Canadian Internet Registration Authority, locked all previously-unregistered
1264:
1263:
ICANN has sought preemptive barring of domain transfers and registrations from all
1121:
1048:
899:
877:
807:
795:
400:
296:
196:
3627:
3605:
2778:
5046:
4708:
4688:
4668:
4658:
4207:
4197:
4142:
1776:
1452:
1109:
1089:
1004:
955:
906:
861:
833:
783:
304:
268:
1437:
command protocol used by variants D and E of the virus has since been partially
5072:
5015:
4979:
4775:
4594:
4298:
4277:
4267:
4222:
4212:
4177:
4147:
3842:
3369:
3309:
3059:
2989:
2920:
2813:
2734:
2697:
2661:
2624:
2512:
2431:
2189:
1189:
1185:
1145:
1113:
1071:
1056:
1036:
748:
350:
98:
70:
56:
715:
Uses custom protocol to scan for infected peers via UDP, then transfer via TCP
635:
Uses custom protocol to scan for infected peers via UDP, then transfer via TCP
5091:
5036:
4818:
4683:
4609:
4303:
4237:
4202:
4192:
4187:
4157:
4127:
3721:
3547:
3401:
3027:
2549:
Microsoft Malware Protection Center: Information about Worm:Win32/Conficker.D
1137:
Congestion on local area networks (ARP flood as consequence of network scan).
988:
967:
308:
280:
189:
161:
134:
77:
3665:
5010:
4698:
4693:
4544:
4242:
4217:
4162:
3868:
3809:
2511:
2462:
2334:
1701:
1676:
1434:
1286:
domain names expected to be generated by the virus over the next 12 months.
1201:
1197:
888:
587:
Creates named pipe to receive URL from remote host, then downloads from URL
576:
Downloads daily from 500 of 50,000 pseudorandom domains over 8 TLDs per day
272:
149:
3489:
764:
Removes self on 3 May 2009 (but leaves remaining copy of Conficker D)
384:
regularly released new variants to close the virus's own vulnerabilities.
4984:
4881:
4703:
4632:
4552:
4167:
4036:
3923:
3426:
2585:
1666:
1301:
873:
849:
803:
627:
Downloads daily from any 500 of 50,000 pseudorandom domains over 110 TLDs
320:
208:
105:
91:
3485:
Microsoft announces industry alliance, $ 250k reward to combat Conficker
806:. Variants B and later may attach instead to a running services.exe or
4989:
4604:
4529:
4428:
4349:
3601:
NIC-Panama colabora en esfuerzo mundial en contra del Gusano Conficker.
1498:
1079:
971:
924:
813:
Variants B and C can remotely execute copies of themselves through the
343:
276:
237:
The origin of the name Conficker is thought to be a combination of the
153:
3543:
NIC Chile participa en esfuerzo mundial en contra del gusano Conficker
1184:, Public Internet Registry, Global Domains International, M1D Global,
983:
To prevent payloads from being hijacked, variant A payloads are first
5041:
4262:
4053:
3927:
3783:
3752:
3687:
3516:
3456:
2952:
2553:
2063:
1536:
1334:
attack to legitimate domains which happen to be in the generated set.
1161:
1086:
787:
757:
657:
336:
3570:
CIRA working with international partners to counter Conficker C
2882:
Porras, Phillip; Saidi, Hassen; Yegneswaran, Vinod (19 March 2009),
5067:
4994:
4953:
4901:
4813:
4713:
4584:
4232:
4182:
4137:
3629:
SWITCH taking action to protect against the Conficker computer worm
3215:
1808:
1338:
1193:
1177:
958:
and not fully understood, but has been observed to use large-scale
790:
on the target computer. On the source computer, the virus runs an
63:
49:
1961:
Opening up a can of worms: Why won't Conficker just die, die, die?
4886:
4798:
4318:
4172:
1513:
1475:
1374:
1173:
1165:
1075:
837:
818:
751:
380:
3578:
2889:
2522:
2031:
Microsoft's US$ 5 million Reward for the Conficker Worm Creators
504:
Downloads daily from any of 250 pseudorandom domains over 8 TLDs
445:
Downloads daily from any of 250 pseudorandom domains over 5 TLDs
4937:
4678:
4624:
4252:
4227:
4103:
2578:
Macalintal, Ivan; Cepe, Joseph; Ferguson, Paul (7 April 2009),
2306:(in German), PC Professionell, 16 February 2009, archived from
1488:
1342:
1323:
707:
Patches MS08-067 to open reinfection backdoor in Server service
584:
Patches MS08-067 to open reinfection backdoor in Server service
512:
Patches MS08-067 to open reinfection backdoor in Server service
204:
112:
84:
35:
3717:
Conficker talk sanitized at Black Hat to protect investigation
3148:
Microsoft Collaborates With Industry to Disrupt Conficker Worm
4891:
4844:
4257:
4247:
4122:
3272:"Conficker Worm Awakens, Downloads Rogue Anti-virus Software"
3152:
2145:
Three in 10 Windows PCs still vulnerable to Conficker exploit
1965:
1169:
984:
895:
564:
Creates DLL-based AutoRun trojan on attached removable drives
492:
Creates DLL-based AutoRun trojan on attached removable drives
3986:
DHS Releases Conficker/Downadup Computer Worm Detection Tool
123:
4849:
2330:"Conficker left Manchester unable to issue traffic tickets"
1429:
On 27 March 2009, Felix Leder and Tillmann Werner from the
1331:
915:
791:
247:
42:
4072:
742:
Updates local copy of Conficker C to Conficker D
4117:
4061:, September 27, 2011; preliminarily covered by Bowden in
4058:
3242:
Malware Protection Center - Entry: Worm:Win32/Conficker.D
3052:
Leung, Kachun; Liu, Yana; Kiernan, Sean (10 April 2009),
2059:
Malware Protection Center - Entry: Worm:Win32/Conficker.A
1868:
1354:
1350:
1337:
On 2 April 2009, Island Networks, the ccTLD registry for
1327:
1312:
1308:
1290:
1283:
1272:
1012:
992:
894:
To counter the virus's use of pseudorandom domain names,
2090:"Conficker worm still wreaking havoc on Windows systems"
1039:
points and disables a number of system services such as
203:
on administrator passwords to propagate while forming a
3604:(in Spanish), NIC-Panama, 27 March 2009, archived from
962:
scanning to build up a peer list of infected hosts and
931:
for downloadable payloads to other infected hosts on a
828:
Variants B and C place a copy of their DLL form in the
3546:(in Spanish), NIC Chile, 31 March 2009, archived from
2881:
2577:
1357:
names were in the set of names generated by the virus.
1345:, confirmed after investigations and liaison with the
1204:
Foundation, Arbor Networks, and Support Intelligence.
3924:"How to disable the Autorun functionality in Windows"
3023:
Conficker cashes in, installs spam bots and scareware
2303:
Conficker-Wurm infiziert hunderte Bundeswehr-Rechner
3265:
3263:
2620:
W32.Downadup.C Pseudo-Random Domain Name Generation
2515:; Hassen Saidi; Vinod Yegneswaran (19 March 2009),
1992:
1990:
1988:
1986:
1384:
Journal of Sensitive Cyber Research and Engineering
1105:
Account lockout policies being reset automatically.
896:
Internet Corporation for Assigned Names and Numbers
3015:
3013:
2979:"Connecting The Dots: Downadup/Conficker Variants"
2658:"Connecting The Dots: Downadup/Conficker Variants"
2390:"Conficker virus hits Manchester Police computers"
2248:MoD networks still malware-plagued after two weeks
1630:"Defying Experts, Rogue Computer Code Still Lurks"
1082:and is believed to be written by the same authors.
651:to block lookups of anti-malware related web sites
3779:Protect yourself from the Conficker computer worm
1928:Microsoft Security Intelligence Report: Volume 10
1895:Microsoft Security Intelligence Report: Volume 11
1579:"Microsoft Security Bulletin MS08-067 - Critical"
1552:Protect yourself from the Conficker computer worm
1230:may be compromised due to out-of-date information
852:invoke that DLL as an invisible network service.
695:Exploits MS08-067 vulnerability in Server service
549:Exploits MS08-067 vulnerability in Server service
477:Exploits MS08-067 vulnerability in Server service
427:Exploits MS08-067 vulnerability in Server service
5089:
3625:
3260:
1983:
1805:"Preemptive Blocklist and More Downadup Numbers"
1011:embedded in the virus. Variants B and later use
905:began in February 2009 a coordinated barring of
860:The virus has several mechanisms for pushing or
4049:"The 'Worm' That Could Bring Down The Internet"
3177:Leder, Felix; Werner, Tillmann (2 April 2009),
3051:
3010:
2768:Leder, Felix; Werner, Tillmann (7 April 2009),
2581:DOWNAD/Conficker Watch: New Variant in The Mix?
2220:French fighter planes grounded by computer worm
1837:Downadup Worm exposes millions of PCs to hijack
1472:United States Computer Emergency Readiness Team
3707:
3427:"Virus alert about the Win32/Conficker.B worm"
2843:Leung, Ka Chun; Kiernan, Sean (6 April 2009),
2651:
2649:
2647:
2645:
2541:
2539:
1706:"Worm Infects Millions of Computers Worldwide"
1494:Timeline of notable computer viruses and worms
4365:
4088:
3481:
3077:
2908:
2906:
2838:
2836:
2834:
2802:
2800:
2798:
2763:
2761:
2759:
2757:
2755:
2722:
2720:
2718:
2685:
2683:
2612:
2610:
2608:
2606:
2172:
2170:
2168:
2166:
2135:
1424:
3657:
3301:
2976:
2842:
2571:
2457:
2455:
2418:
2412:
2176:
1661:
1659:
1657:
1655:
1533:"Virus alert about the Win32/Conficker worm"
4051:, author interview (audio and transcript),
3898:Updated Conficker Detection Plugin Released
3829:
3685:
3453:"Virusencyclopedie: Worm:Win32/Conficker.B"
3176:
2977:Nahorney, Ben; Park, John (21 April 2009),
2970:
2938:
2767:
2730:Downadup: Peer-to-Peer Payload Distribution
2642:
2536:
2419:Nahorney, Ben; Park, John (13 March 2009),
2177:Nahorney, Ben; Park, John (13 March 2009),
2108:
1919:
1886:
1451:It can also be detected in passive mode by
1101:Symptoms of a Conficker infection include:
4372:
4358:
4095:
4081:
4023:Conficker Working Group -- Lessons Learned
3894:
3664:(in Polish), Webhosting.pl, archived from
3334:Higgins, Kelly Jackson (14 January 2009),
3295:
3045:
2948:Virus Encyclopedia: Worm:Win32/Conficker.E
2912:
2903:
2831:
2795:
2752:
2715:
2680:
2603:
2364:Leaked memo says Conficker pwns Parliament
2163:
339:reported infection of over 800 computers.
122:
3144:
2452:
1652:
1369:Working group members stated at the 2009
1251:On 13 February 2009, Microsoft offered a
1182:China Internet Network Information Center
821:. If the share is password-protected, a
4451:Sony BMG copy protection rootkit scandal
4379:
3838:W32.Downadup P2P Scanner Script for Nmap
2877:
2875:
2873:
2871:
2869:
2867:
2655:
2507:
2505:
2503:
2501:
2499:
2497:
2495:
2493:
2491:
2276:Conficker seizes city's hospital network
2272:
2244:
2216:
2027:
1802:
1736:
1694:
1576:
1399:
880:. The domain names are generated from a
745:Downloads and installs malware payload:
459:Updates self to Conficker B, C or D
3658:Bartosiewicz, Andrzej (31 March 2009),
3333:
2885:An Analysis of Conficker C (draft)
2461:
2087:
1999:"The Worm That Nearly Ate the Internet"
1739:"Experts bicker over Conficker numbers"
1700:
1627:
1415:
1410:Windows Malicious Software Removal Tool
1118:Background Intelligent Transfer Service
677:Downloads and installs Conficker E
5090:
3713:
3393:
3361:
3145:Robertson, Andrew (12 February 2009),
3120:"Passwords used by the Conficker worm"
3019:
2441:from the original on 24 September 2015
2360:
2327:
2199:from the original on 24 September 2015
2141:
2028:Grigonis, Richard (13 February 2009),
1996:
1665:
938:Variants B, C and E perform in-memory
855:
4353:
4076:
3966:from the original on 24 February 2009
3866:
3811:Scanning for Conficker's peer to peer
3807:
3626:D'Alessandro, Marco (30 March 2009),
3365:Waledac – Guess which one is for you?
3269:
2959:from the original on 18 November 2016
2864:
2771:Know Your Enemy: Containing Conficker
2726:
2689:
2668:from the original on 14 December 2009
2488:
2467:"Computer Experts Unite to Hunt Worm"
2400:from the original on 17 December 2021
2371:from the original on 17 December 2021
2096:from the original on 20 February 2009
2088:Leffall, Jabulani (15 January 2009).
2038:from the original on 16 February 2009
1952:
1833:
1718:from the original on 25 February 2020
1683:from the original on 28 February 2012
1134:responding slowly to client requests.
531:Updates self to Conficker C or D
3759:from the original on 7 November 2012
3482:O'Donnell, Adam (12 February 2009),
3433:from the original on 22 January 2009
3408:from the original on 5 February 2010
3344:from the original on 4 February 2009
3091:Common Vulnerabilities and Exposures
2913:Fitzgerald, Patrick (9 April 2009),
2616:
2477:from the original on 4 December 2016
2055:
1972:from the original on 18 January 2017
1908:from the original on 18 October 2011
1844:from the original on 21 January 2009
1784:from the original on 16 January 2009
1211:
916:distributed denial-of-service attack
772:
379:Although almost all of the advanced
3696:from the original on 16 August 2009
3689:Conficker.A DNS Rendezvous Analysis
3302:O'Murchu, Liam (23 December 2008),
2888:, SRI International, archived from
2545:
2521:, SRI International, archived from
2342:from the original on 10 August 2017
2273:Williams, Chris (20 January 2009),
2245:Williams, Chris (20 January 2009),
1941:from the original on 6 October 2011
1772:"Clock ticking on worm attack code"
1378:downloaded from a host in Ukraine.
314:
13:
3997:from the original on 5 August 2012
3901:, Tenable Security, archived from
3818:from the original on 24 April 2009
3519:, 12 February 2009, archived from
3222:from the original on 29 March 2009
3159:from the original on 19 March 2009
2999:from the original on 12 March 2014
2944:
2777:, HoneyNet Project, archived from
2631:from the original on 16 March 2018
2227:from the original on 10 March 2009
1803:Sullivan, Sean (16 January 2009).
1753:from the original on 16 April 2009
1737:McMillan, Robert (15 April 2009),
1444:Signature updates for a number of
1326:ccTLD registry, locked over 7,000
1315:from the Conficker computer worm."
1289:On 27 March 2009, NIC-Panama, the
1258:
950:Variants D and E create an ad-hoc
872:Variant A generates a list of 250
329:United Kingdom Ministry of Defence
14:
5119:
4033:Worm: The First Digital World War
4011:
3934:from the original on 3 March 2015
3895:Asadoorian, Paul (1 April 2009),
3877:from the original on 2 April 2009
3686:Maniscalchi, Jago (7 June 2009),
3640:from the original on 2 April 2009
3362:Coogan, Peter (23 January 2009),
3191:from the original on 3 April 2009
3183:, Institute of Computer Science,
2283:from the original on 2 April 2009
2255:from the original on 2 April 2009
2217:Willsher, Kim (7 February 2009),
2152:from the original on 1 April 2009
2124:from the original on 9 April 2010
2070:from the original on 18 June 2009
2009:from the original on 30 June 2019
1875:from the original on 2 April 2009
1815:from the original on 2 March 2009
1559:from the original on 27 June 2009
1271:On 13 March 2009, NIC Chile, the
1207:
3870:Scanning for Conficker with Nmap
3463:from the original on 18 May 2017
3249:from the original on 2 June 2009
3055:W32.Downadup.E Technical Details
2846:W32.Downadup.C Technical Details
2690:Chien, Eric (18 February 2009),
2142:Leyden, John (19 January 2009),
1834:Neild, Barry (16 January 2009),
1640:from the original on 18 May 2017
1628:Markoff, John (26 August 2009).
1216:
802:form, which it then attaches to
606:Updates self to Conficker D
3991:Department of Homeland Security
3977:
3946:
3916:
3888:
3867:Bowes, Ronald (30 March 2009),
3860:
3845:, 22 April 2009, archived from
3801:
3786:, 27 March 2009, archived from
3770:
3748:Malicious Software Removal Tool
3739:
3679:
3651:
3619:
3592:
3577:, 24 March 2009, archived from
3561:
3534:
3503:
3475:
3445:
3419:
3387:
3355:
3327:
3233:
3202:
3170:
3138:
3112:
3095:Department of Homeland Security
2816:, 20 March 2009, archived from
2727:Chien, Eric (19 January 2009),
2656:Nahorney, Ben (21 April 2009).
2382:
2354:
2321:
2294:
2266:
2238:
2223:, London: The Daily Telegraph,
2210:
2081:
2049:
2021:
1855:
1827:
1796:
1474:(US-CERT) recommends disabling
1019:
3429:. Microsoft. 15 January 2009.
3394:Gostev, Aleks (9 April 2009),
3270:Krebs, Brian (10 April 2009),
3020:Keizer, Gregg (9 April 2009),
2546:Tiu, Vincent (27 March 2009),
2361:Leyden, John (27 March 2009),
1764:
1730:
1621:
1596:
1570:
1543:
1525:
1148:service becoming inaccessible.
1035:Variant C of the virus resets
882:pseudo-random number generator
840:mechanism using a manipulated
1:
3337:Storm Botnet Makes A Comeback
3305:W32.Waledac Technical Details
3097:, 4 June 2008, archived from
2916:W32.Downadup.E—Back to Basics
1997:Bowden, Mark (29 June 2019).
1519:
1446:network scanning applications
1062:
218:
4782:Kaminsky DNS cache poisoning
4526:(findings published in 2010)
3808:Bowes, Ron (21 April 2009),
3714:Greene, Tim (31 July 2009),
2693:Downadup: Locking Itself Out
2617:Park, John (27 March 2009),
2328:Leyden, John (1 July 2009).
2092:. Government Computer News.
1864:Virus strikes 15 million PCs
374:
258:
7:
4102:
2809:W32.Downadup.C Bolsters P2P
1555:, Microsoft, 9 April 2009,
1482:
1155:
1096:
999:with the 512-bit hash as a
978:
647:Does an in-memory patch of
644:Blocks certain DNS lookups
10:
5124:
1465:
1425:Automated remote detection
817:on computers visible over
724:Blocks certain DNS lookups
596:Blocks certain DNS lookups
521:Blocks certain DNS lookups
227:
5055:
5029:
5003:
4972:
4946:
4915:
4874:
4858:
4827:
4806:
4797:
4764:
4738:
4722:
4623:
4543:
4511:
4480:
4459:
4443:
4421:
4414:
4385:
4286:
4110:
2421:"Propagation by AutoPlay"
2179:"Propagation by AutoPlay"
2120:, Microsoft Corporation,
1509:Zombie (computer science)
1504:Network Access Protection
1364:
1151:User accounts locked out.
927:, over which it can push
365:Greater Manchester Police
241:term "configure" and the
145:
140:
130:
121:
90:Win32.Worm.Downadup.Gen (
28:
23:
3122:. Sophos. Archived from
2518:An Analysis of Conficker
1780:. BBC. 20 January 2009.
1577:BetaFred (8 June 2023).
1196:, ISC, researchers from
1041:Windows Automatic Update
369:Police National Computer
342:On 2 February 2009, the
76:Net-Worm.Win32.Kido.bt (
4503:US military cyberattack
4493:Cyberattacks on Georgia
4467:Cyberattacks on Estonia
4018:Conficker Working Group
3488:, ZDNet, archived from
1126:Windows Error Reporting
1053:Windows Error Reporting
1045:Windows Security Center
232:
4498:Sarah Palin email hack
876:every day across five
293:Windows Server 2008 R2
4638:Jeanson James Ancheta
3661:Jak działa Conficker?
3397:The neverending story
2034:, IP Communications,
1604:"CVE - CVE-2008-4250"
1400:Removal and detection
1140:Web sites related to
552:Dictionary attack on
480:Dictionary attack on
363:In January 2010, the
5103:Hacking in the 2000s
4472:Operation: Bot Roast
4380:Hacking in the 2000s
4334:Operation: Bot Roast
3905:on 26 September 2010
3180:Containing Conficker
1416:Third-party software
1003:. The hash is then
952:peer-to-peer network
923:Variant C creates a
898:(ICANN) and several
441:trafficconverter.biz
83:W32/Conficker.worm (
5098:Exploit-based worms
4028:Conficker Eye Chart
3962:, 29 January 2009,
3849:on 17 December 2012
3755:, 11 January 2005,
3523:on 15 February 2009
3376:on 17 December 2012
3277:The Washington Post
2927:on 17 December 2012
2892:on 14 February 2009
2820:on 17 December 2012
2741:on 17 December 2012
2704:on 17 December 2012
2525:on 14 February 2009
2396:. 2 February 2010.
1934:, Microsoft, 2010,
1901:, Microsoft, 2011,
1871:, 26 January 2009,
1704:(22 January 2009).
1583:learn.microsoft.com
1448:are now available.
1371:Black Hat Briefings
1085:SpyProtect 2009, a
856:Payload propagation
782:request to force a
730:Kills anti-malware
727:Disables AutoUpdate
665:Kills anti-malware
662:Disables AutoUpdate
599:Disables AutoUpdate
524:Disables AutoUpdate
405:Update propagation
289:Windows Server 2008
285:Windows Server 2003
166:Windows 2008 Server
158:Windows 2003 Server
48:Win32/Conficker.A (
41:Win32/Conficker.A (
4435:Operation Firewall
4324:Man-in-the-browser
4067:"The Enemy Within"
3728:on 27 January 2010
3692:, Digital Threat,
3185:University of Bonn
3126:on 21 January 2009
3101:on 13 January 2013
2986:The Downadup Codex
2592:on 31 January 2010
2471:The New York Times
2428:The Downadup Codex
2186:The Downadup Codex
2056:Phillips, Joshua,
2003:The New York Times
1711:The New York Times
1634:The New York Times
1439:reverse-engineered
1318:On 31 March 2009,
1296:On 30 March 2009,
1278:On 24 March 2009,
1142:antivirus software
1132:Domain controllers
1108:Certain Microsoft
956:obfuscated in code
933:local area network
201:dictionary attacks
5085:
5084:
5081:
5080:
4563:associated events
4539:
4538:
4488:Project Chanology
4409:
4408:
4347:
4346:
4314:Internet security
4065:magazine article
3993:, 30 March 2009,
3930:. 27 March 2009.
3873:, SkullSecurity,
3814:, SkullSecurity,
3218:, 11 March 2009,
3211:Win32/Conficker.C
2465:(19 March 2009),
1456:broadcast domains
1249:
1248:
1114:Automatic Updates
891:from those of A.
823:dictionary attack
773:Initial infection
770:
769:
401:Infection vectors
194:Microsoft Windows
171:
170:
141:Technical details
34:Mal/Conficker-A (
5115:
4804:
4803:
4655:str0ke (milw0rm)
4524:Operation Aurora
4419:
4418:
4388:
4387:
4374:
4367:
4360:
4351:
4350:
4329:Network security
4294:Browser security
4097:
4090:
4083:
4074:
4073:
4006:
4005:
4004:
4002:
3981:
3975:
3974:
3973:
3971:
3950:
3944:
3943:
3941:
3939:
3920:
3914:
3913:
3912:
3910:
3892:
3886:
3885:
3884:
3882:
3864:
3858:
3857:
3856:
3854:
3833:
3827:
3826:
3825:
3823:
3805:
3799:
3798:
3797:
3795:
3774:
3768:
3767:
3766:
3764:
3743:
3737:
3736:
3735:
3733:
3724:, archived from
3711:
3705:
3704:
3703:
3701:
3683:
3677:
3676:
3675:
3673:
3655:
3649:
3648:
3647:
3645:
3623:
3617:
3616:
3615:
3613:
3596:
3590:
3589:
3588:
3586:
3581:on 29 April 2009
3565:
3559:
3558:
3557:
3555:
3538:
3532:
3531:
3530:
3528:
3507:
3501:
3500:
3499:
3497:
3492:on 19 March 2009
3479:
3473:
3472:
3470:
3468:
3449:
3443:
3442:
3440:
3438:
3423:
3417:
3416:
3415:
3413:
3391:
3385:
3384:
3383:
3381:
3372:, archived from
3359:
3353:
3352:
3351:
3349:
3331:
3325:
3324:
3323:
3321:
3316:on 22 April 2009
3312:, archived from
3299:
3293:
3292:
3291:
3289:
3280:, archived from
3267:
3258:
3257:
3256:
3254:
3237:
3231:
3230:
3229:
3227:
3206:
3200:
3199:
3198:
3196:
3174:
3168:
3167:
3166:
3164:
3142:
3136:
3135:
3133:
3131:
3116:
3110:
3109:
3108:
3106:
3081:
3075:
3074:
3073:
3071:
3066:on 16 April 2009
3062:, archived from
3049:
3043:
3042:
3041:
3039:
3034:on 17 April 2009
3030:, archived from
3017:
3008:
3007:
3006:
3004:
2998:
2988:(2.0 ed.),
2983:
2974:
2968:
2967:
2966:
2964:
2942:
2936:
2935:
2934:
2932:
2923:, archived from
2910:
2901:
2900:
2899:
2897:
2879:
2862:
2861:
2860:
2858:
2849:, archived from
2840:
2829:
2828:
2827:
2825:
2804:
2793:
2792:
2791:
2789:
2783:
2776:
2765:
2750:
2749:
2748:
2746:
2737:, archived from
2724:
2713:
2712:
2711:
2709:
2700:, archived from
2687:
2678:
2677:
2675:
2673:
2653:
2640:
2639:
2638:
2636:
2614:
2601:
2600:
2599:
2597:
2588:, archived from
2575:
2569:
2568:
2567:
2565:
2560:on 31 March 2009
2556:, archived from
2543:
2534:
2533:
2532:
2530:
2509:
2486:
2485:
2484:
2482:
2459:
2450:
2449:
2448:
2446:
2440:
2425:
2416:
2410:
2409:
2407:
2405:
2386:
2380:
2379:
2378:
2376:
2367:, The Register,
2358:
2352:
2351:
2349:
2347:
2325:
2319:
2318:
2317:
2315:
2310:on 21 March 2009
2298:
2292:
2291:
2290:
2288:
2279:, The Register,
2270:
2264:
2263:
2262:
2260:
2251:, The Register,
2242:
2236:
2235:
2234:
2232:
2214:
2208:
2207:
2206:
2204:
2198:
2183:
2174:
2161:
2160:
2159:
2157:
2148:, The Register,
2139:
2133:
2132:
2131:
2129:
2112:
2106:
2105:
2103:
2101:
2085:
2079:
2078:
2077:
2075:
2053:
2047:
2046:
2045:
2043:
2025:
2019:
2018:
2016:
2014:
1994:
1981:
1980:
1979:
1977:
1968:, 10 June 2015,
1956:
1950:
1949:
1948:
1946:
1940:
1933:
1923:
1917:
1916:
1915:
1913:
1907:
1900:
1890:
1884:
1883:
1882:
1880:
1859:
1853:
1852:
1851:
1849:
1831:
1825:
1824:
1822:
1820:
1800:
1794:
1793:
1791:
1789:
1768:
1762:
1761:
1760:
1758:
1734:
1728:
1727:
1725:
1723:
1698:
1692:
1691:
1690:
1688:
1672:The Enemy Within
1663:
1650:
1649:
1647:
1645:
1625:
1619:
1618:
1616:
1614:
1600:
1594:
1593:
1591:
1589:
1574:
1568:
1567:
1566:
1564:
1547:
1541:
1540:
1529:
1431:Honeynet Project
1244:
1241:
1235:
1228:factual accuracy
1220:
1219:
1212:
1122:Windows Defender
1110:Windows services
1049:Windows Defender
1030:network services
832:of any attached
808:Windows Explorer
756:SpyProtect 2009
684:Conficker E
650:
613:Conficker D
561:Removable media
555:
538:Conficker C
489:Removable media
483:
466:Conficker B
442:
416:Conficker A
391:
390:
358:House of Commons
349:An infection of
315:Impact in Europe
245:pejorative term
197:operating system
176:, also known as
126:
62:W32/Downadup.A (
21:
20:
5123:
5122:
5118:
5117:
5116:
5114:
5113:
5112:
5108:Windows malware
5088:
5087:
5086:
5077:
5051:
5025:
4999:
4968:
4942:
4911:
4870:
4854:
4835:Anna Kournikova
4823:
4793:
4768:
4766:Vulnerabilities
4760:
4734:
4718:
4709:Dmitry Sklyarov
4689:Albert Gonzalez
4619:
4535:
4507:
4476:
4455:
4439:
4410:
4381:
4378:
4348:
4343:
4282:
4111:Notable botnets
4106:
4101:
4014:
4009:
4000:
3998:
3983:
3982:
3978:
3969:
3967:
3952:
3951:
3947:
3937:
3935:
3922:
3921:
3917:
3908:
3906:
3893:
3889:
3880:
3878:
3865:
3861:
3852:
3850:
3835:
3834:
3830:
3821:
3819:
3806:
3802:
3793:
3791:
3790:on 3 April 2009
3776:
3775:
3771:
3762:
3760:
3745:
3744:
3740:
3731:
3729:
3712:
3708:
3699:
3697:
3684:
3680:
3671:
3669:
3668:on 25 July 2011
3656:
3652:
3643:
3641:
3624:
3620:
3611:
3609:
3608:on 27 July 2011
3598:
3597:
3593:
3584:
3582:
3567:
3566:
3562:
3553:
3551:
3550:on 8 April 2009
3540:
3539:
3535:
3526:
3524:
3509:
3508:
3504:
3495:
3493:
3480:
3476:
3466:
3464:
3451:
3450:
3446:
3436:
3434:
3425:
3424:
3420:
3411:
3409:
3392:
3388:
3379:
3377:
3360:
3356:
3347:
3345:
3340:, DarkReading,
3332:
3328:
3319:
3317:
3300:
3296:
3287:
3285:
3268:
3261:
3252:
3250:
3239:
3238:
3234:
3225:
3223:
3208:
3207:
3203:
3194:
3192:
3175:
3171:
3162:
3160:
3143:
3139:
3129:
3127:
3118:
3117:
3113:
3104:
3102:
3083:
3082:
3078:
3069:
3067:
3050:
3046:
3037:
3035:
3018:
3011:
3002:
3000:
2996:
2981:
2975:
2971:
2962:
2960:
2945:Putnam, Aaron,
2943:
2939:
2930:
2928:
2911:
2904:
2895:
2893:
2880:
2865:
2856:
2854:
2853:on 2 April 2009
2841:
2832:
2823:
2821:
2806:
2805:
2796:
2787:
2785:
2784:on 12 June 2010
2781:
2774:
2766:
2753:
2744:
2742:
2725:
2716:
2707:
2705:
2688:
2681:
2671:
2669:
2654:
2643:
2634:
2632:
2615:
2604:
2595:
2593:
2576:
2572:
2563:
2561:
2544:
2537:
2528:
2526:
2510:
2489:
2480:
2478:
2460:
2453:
2444:
2442:
2438:
2423:
2417:
2413:
2403:
2401:
2388:
2387:
2383:
2374:
2372:
2359:
2355:
2345:
2343:
2326:
2322:
2313:
2311:
2300:
2299:
2295:
2286:
2284:
2271:
2267:
2258:
2256:
2243:
2239:
2230:
2228:
2215:
2211:
2202:
2200:
2196:
2181:
2175:
2164:
2155:
2153:
2140:
2136:
2127:
2125:
2114:
2113:
2109:
2099:
2097:
2086:
2082:
2073:
2071:
2054:
2050:
2041:
2039:
2026:
2022:
2012:
2010:
1995:
1984:
1975:
1973:
1958:
1957:
1953:
1944:
1942:
1938:
1931:
1925:
1924:
1920:
1911:
1909:
1905:
1898:
1892:
1891:
1887:
1878:
1876:
1861:
1860:
1856:
1847:
1845:
1832:
1828:
1818:
1816:
1801:
1797:
1787:
1785:
1777:BBC News Online
1770:
1769:
1765:
1756:
1754:
1735:
1731:
1721:
1719:
1699:
1695:
1686:
1684:
1664:
1653:
1643:
1641:
1626:
1622:
1612:
1610:
1602:
1601:
1597:
1587:
1585:
1575:
1571:
1562:
1560:
1549:
1548:
1544:
1531:
1530:
1526:
1522:
1485:
1468:
1427:
1418:
1402:
1367:
1261:
1259:From registries
1245:
1239:
1236:
1233:
1225:This article's
1221:
1217:
1210:
1158:
1099:
1090:rogue antivirus
1065:
1022:
981:
858:
834:removable media
784:buffer overflow
775:
648:
553:
481:
440:
439:Downloads from
397:Detection date
377:
317:
305:removable media
269:network service
261:
235:
230:
221:
111:Worm.Downadup (
17:
12:
11:
5:
5121:
5111:
5110:
5105:
5100:
5083:
5082:
5079:
5078:
5076:
5075:
5070:
5065:
5059:
5057:
5053:
5052:
5050:
5049:
5044:
5039:
5033:
5031:
5027:
5026:
5024:
5023:
5021:Black Energy 1
5018:
5013:
5007:
5005:
5001:
5000:
4998:
4997:
4992:
4987:
4982:
4976:
4974:
4970:
4969:
4967:
4966:
4961:
4956:
4950:
4948:
4944:
4943:
4941:
4940:
4935:
4930:
4925:
4919:
4917:
4913:
4912:
4910:
4909:
4904:
4899:
4894:
4889:
4884:
4878:
4876:
4872:
4871:
4869:
4868:
4862:
4860:
4856:
4855:
4853:
4852:
4847:
4842:
4837:
4831:
4829:
4825:
4824:
4822:
4821:
4816:
4810:
4808:
4801:
4795:
4794:
4792:
4791:
4785:
4779:
4776:Shatter attack
4772:
4770:
4762:
4761:
4759:
4758:
4753:
4748:
4742:
4740:
4739:Hacking forums
4736:
4735:
4733:
4732:
4726:
4724:
4720:
4719:
4717:
4716:
4711:
4706:
4701:
4696:
4691:
4686:
4681:
4676:
4671:
4666:
4661:
4656:
4653:
4650:
4645:
4640:
4635:
4629:
4627:
4621:
4620:
4618:
4617:
4612:
4607:
4602:
4597:
4595:PLA Unit 61398
4592:
4587:
4582:
4577:
4572:
4567:
4566:
4565:
4555:
4549:
4547:
4541:
4540:
4537:
4536:
4534:
4533:
4527:
4521:
4519:Operation Troy
4515:
4513:
4509:
4508:
4506:
4505:
4500:
4495:
4490:
4484:
4482:
4478:
4477:
4475:
4474:
4469:
4463:
4461:
4457:
4456:
4454:
4453:
4447:
4445:
4441:
4440:
4438:
4437:
4432:
4425:
4423:
4416:
4412:
4411:
4407:
4406:
4400:
4395:
4386:
4383:
4382:
4377:
4376:
4369:
4362:
4354:
4345:
4344:
4342:
4341:
4336:
4331:
4326:
4321:
4316:
4311:
4306:
4301:
4299:Computer virus
4296:
4290:
4288:
4284:
4283:
4281:
4280:
4275:
4270:
4265:
4260:
4255:
4250:
4245:
4240:
4235:
4230:
4225:
4220:
4215:
4210:
4205:
4200:
4195:
4190:
4185:
4180:
4175:
4170:
4165:
4160:
4155:
4150:
4145:
4140:
4135:
4130:
4125:
4120:
4114:
4112:
4108:
4107:
4100:
4099:
4092:
4085:
4077:
4071:
4070:
4030:
4025:
4020:
4013:
4012:External links
4010:
4008:
4007:
3976:
3945:
3915:
3887:
3859:
3828:
3800:
3769:
3738:
3706:
3678:
3650:
3618:
3591:
3560:
3533:
3502:
3474:
3444:
3418:
3386:
3354:
3326:
3294:
3284:on 15 May 2011
3259:
3232:
3201:
3169:
3137:
3111:
3076:
3044:
3009:
2992:, p. 47,
2969:
2937:
2902:
2863:
2830:
2794:
2751:
2714:
2679:
2641:
2602:
2570:
2535:
2513:Phillip Porras
2487:
2451:
2411:
2381:
2353:
2320:
2293:
2265:
2237:
2209:
2192:, p. 32,
2162:
2134:
2107:
2080:
2048:
2020:
1982:
1951:
1918:
1885:
1854:
1826:
1795:
1763:
1729:
1693:
1651:
1620:
1595:
1569:
1542:
1523:
1521:
1518:
1517:
1516:
1511:
1506:
1501:
1496:
1491:
1484:
1481:
1467:
1464:
1458:for repeating
1426:
1423:
1417:
1414:
1401:
1398:
1366:
1363:
1359:
1358:
1335:
1316:
1294:
1287:
1276:
1260:
1257:
1247:
1246:
1224:
1222:
1215:
1209:
1208:From Microsoft
1206:
1186:America Online
1157:
1154:
1153:
1152:
1149:
1146:Windows Update
1138:
1135:
1129:
1106:
1098:
1095:
1094:
1093:
1083:
1064:
1061:
1037:System Restore
1021:
1018:
980:
977:
976:
975:
948:
936:
921:
920:
919:
885:
857:
854:
846:
845:
826:
811:
774:
771:
768:
767:
766:
765:
762:
761:
760:
754:
743:
738:
737:
736:
735:
734:
728:
725:
720:
719:
718:
717:
716:
712:P2P push/pull
710:
709:
708:
700:
699:
698:
697:
696:
688:
685:
681:
680:
679:
678:
673:
672:
671:
670:
669:
663:
660:
654:
653:
652:
640:
639:
638:
637:
636:
632:P2P push/pull
630:
629:
628:
620:
617:
614:
610:
609:
608:
607:
602:
601:
600:
597:
592:
591:
590:
589:
588:
585:
579:
578:
577:
569:
568:
567:
566:
565:
559:
558:
557:
550:
542:
539:
535:
534:
533:
532:
527:
526:
525:
522:
517:
516:
515:
514:
513:
507:
506:
505:
497:
496:
495:
494:
493:
487:
486:
485:
478:
470:
467:
463:
462:
461:
460:
455:
450:
449:
448:
447:
446:
443:
432:
431:
430:
429:
428:
420:
417:
413:
412:
409:
406:
403:
398:
395:
376:
373:
319:Intramar, the
316:
313:
309:network shares
271:(MS08-067) on
260:
257:
234:
231:
229:
226:
220:
217:
192:targeting the
169:
168:
147:
143:
142:
138:
137:
132:
128:
127:
119:
118:
117:
116:
109:
102:
95:
88:
81:
74:
67:
60:
55:W32.Downadup (
53:
46:
39:
30:
29:Technical name
26:
25:
15:
9:
6:
4:
3:
2:
5120:
5109:
5106:
5104:
5101:
5099:
5096:
5095:
5093:
5074:
5071:
5069:
5066:
5064:
5061:
5060:
5058:
5054:
5048:
5045:
5043:
5040:
5038:
5035:
5034:
5032:
5028:
5022:
5019:
5017:
5014:
5012:
5009:
5008:
5006:
5002:
4996:
4993:
4991:
4988:
4986:
4983:
4981:
4978:
4977:
4975:
4971:
4965:
4962:
4960:
4957:
4955:
4952:
4951:
4949:
4945:
4939:
4936:
4934:
4931:
4929:
4926:
4924:
4921:
4920:
4918:
4914:
4908:
4905:
4903:
4900:
4898:
4895:
4893:
4890:
4888:
4885:
4883:
4880:
4879:
4877:
4873:
4867:
4864:
4863:
4861:
4857:
4851:
4848:
4846:
4843:
4841:
4838:
4836:
4833:
4832:
4830:
4826:
4820:
4817:
4815:
4812:
4811:
4809:
4805:
4802:
4800:
4796:
4789:
4786:
4783:
4780:
4777:
4774:
4773:
4771:
4767:
4763:
4757:
4754:
4752:
4749:
4747:
4744:
4743:
4741:
4737:
4731:
4728:
4727:
4725:
4721:
4715:
4712:
4710:
4707:
4705:
4702:
4700:
4697:
4695:
4692:
4690:
4687:
4685:
4682:
4680:
4677:
4675:
4672:
4670:
4667:
4665:
4662:
4660:
4657:
4654:
4651:
4649:
4646:
4644:
4641:
4639:
4636:
4634:
4631:
4630:
4628:
4626:
4622:
4616:
4613:
4611:
4610:World of Hell
4608:
4606:
4603:
4601:
4598:
4596:
4593:
4591:
4588:
4586:
4583:
4581:
4578:
4576:
4573:
4571:
4568:
4564:
4561:
4560:
4559:
4556:
4554:
4551:
4550:
4548:
4546:
4542:
4531:
4528:
4525:
4522:
4520:
4517:
4516:
4514:
4510:
4504:
4501:
4499:
4496:
4494:
4491:
4489:
4486:
4485:
4483:
4479:
4473:
4470:
4468:
4465:
4464:
4462:
4458:
4452:
4449:
4448:
4446:
4442:
4436:
4433:
4430:
4427:
4426:
4424:
4420:
4417:
4413:
4405: →
4404:
4401:
4399:
4396:
4394:
4391:←
4390:
4389:
4384:
4375:
4370:
4368:
4363:
4361:
4356:
4355:
4352:
4340:
4337:
4335:
4332:
4330:
4327:
4325:
4322:
4320:
4317:
4315:
4312:
4310:
4307:
4305:
4304:Computer worm
4302:
4300:
4297:
4295:
4292:
4291:
4289:
4287:Main articles
4285:
4279:
4276:
4274:
4271:
4269:
4266:
4264:
4261:
4259:
4256:
4254:
4251:
4249:
4246:
4244:
4241:
4239:
4236:
4234:
4231:
4229:
4226:
4224:
4221:
4219:
4216:
4214:
4211:
4209:
4206:
4204:
4201:
4199:
4196:
4194:
4191:
4189:
4186:
4184:
4181:
4179:
4176:
4174:
4171:
4169:
4166:
4164:
4161:
4159:
4156:
4154:
4151:
4149:
4146:
4144:
4141:
4139:
4136:
4134:
4131:
4129:
4126:
4124:
4121:
4119:
4116:
4115:
4113:
4109:
4105:
4098:
4093:
4091:
4086:
4084:
4079:
4078:
4075:
4068:
4064:
4060:
4056:
4055:
4050:
4046:
4045:0-8021-1983-2
4042:
4038:
4034:
4031:
4029:
4026:
4024:
4021:
4019:
4016:
4015:
3996:
3992:
3988:
3987:
3980:
3965:
3961:
3957:
3956:
3949:
3933:
3929:
3925:
3919:
3904:
3900:
3899:
3891:
3876:
3872:
3871:
3863:
3848:
3844:
3840:
3839:
3832:
3817:
3813:
3812:
3804:
3789:
3785:
3781:
3780:
3773:
3758:
3754:
3750:
3749:
3742:
3727:
3723:
3722:Network World
3719:
3718:
3710:
3695:
3691:
3690:
3682:
3667:
3663:
3662:
3654:
3639:
3635:
3631:
3630:
3622:
3607:
3603:
3602:
3595:
3580:
3576:
3572:
3571:
3564:
3549:
3545:
3544:
3537:
3522:
3518:
3514:
3513:
3506:
3491:
3487:
3486:
3478:
3462:
3458:
3454:
3448:
3432:
3428:
3422:
3407:
3403:
3402:Kaspersky Lab
3399:
3398:
3390:
3375:
3371:
3367:
3366:
3358:
3343:
3339:
3338:
3330:
3315:
3311:
3307:
3306:
3298:
3283:
3279:
3278:
3273:
3266:
3264:
3248:
3245:, Microsoft,
3244:
3243:
3236:
3221:
3217:
3213:
3212:
3205:
3190:
3186:
3182:
3181:
3173:
3158:
3154:
3150:
3149:
3141:
3125:
3121:
3115:
3100:
3096:
3092:
3088:
3087:
3086:Cve-2008-4250
3080:
3065:
3061:
3057:
3056:
3048:
3033:
3029:
3028:Computerworld
3025:
3024:
3016:
3014:
2995:
2991:
2987:
2980:
2973:
2958:
2954:
2950:
2949:
2941:
2926:
2922:
2918:
2917:
2909:
2907:
2891:
2887:
2886:
2878:
2876:
2874:
2872:
2870:
2868:
2852:
2848:
2847:
2839:
2837:
2835:
2819:
2815:
2811:
2810:
2803:
2801:
2799:
2780:
2773:
2772:
2764:
2762:
2760:
2758:
2756:
2740:
2736:
2732:
2731:
2723:
2721:
2719:
2703:
2699:
2695:
2694:
2686:
2684:
2667:
2663:
2659:
2652:
2650:
2648:
2646:
2630:
2626:
2622:
2621:
2613:
2611:
2609:
2607:
2591:
2587:
2583:
2582:
2574:
2559:
2555:
2551:
2550:
2542:
2540:
2524:
2520:
2519:
2514:
2508:
2506:
2504:
2502:
2500:
2498:
2496:
2494:
2492:
2476:
2472:
2468:
2464:
2463:Markoff, John
2458:
2456:
2437:
2434:, p. 2,
2433:
2429:
2422:
2415:
2399:
2395:
2391:
2385:
2370:
2366:
2365:
2357:
2341:
2337:
2336:
2331:
2324:
2309:
2305:
2304:
2297:
2282:
2278:
2277:
2269:
2254:
2250:
2249:
2241:
2226:
2222:
2221:
2213:
2195:
2191:
2187:
2180:
2173:
2171:
2169:
2167:
2151:
2147:
2146:
2138:
2123:
2119:
2118:
2111:
2095:
2091:
2084:
2069:
2065:
2061:
2060:
2052:
2037:
2033:
2032:
2024:
2008:
2004:
2000:
1993:
1991:
1989:
1987:
1971:
1967:
1963:
1962:
1955:
1937:
1930:
1929:
1922:
1904:
1897:
1896:
1889:
1874:
1870:
1866:
1865:
1858:
1843:
1839:
1838:
1830:
1814:
1810:
1806:
1799:
1783:
1779:
1778:
1773:
1767:
1752:
1748:
1744:
1740:
1733:
1717:
1713:
1712:
1707:
1703:
1702:Markoff, John
1697:
1682:
1678:
1674:
1673:
1669:(June 2010),
1668:
1662:
1660:
1658:
1656:
1639:
1635:
1631:
1624:
1609:
1608:cve.mitre.org
1605:
1599:
1584:
1580:
1573:
1558:
1554:
1553:
1546:
1538:
1534:
1528:
1524:
1515:
1512:
1510:
1507:
1505:
1502:
1500:
1497:
1495:
1492:
1490:
1487:
1486:
1480:
1477:
1473:
1463:
1461:
1457:
1454:
1449:
1447:
1442:
1440:
1436:
1432:
1422:
1413:
1411:
1406:
1397:
1393:
1390:
1386:
1385:
1379:
1376:
1372:
1362:
1356:
1352:
1348:
1344:
1340:
1336:
1333:
1329:
1325:
1321:
1317:
1314:
1310:
1306:
1303:
1299:
1295:
1292:
1288:
1285:
1281:
1277:
1274:
1270:
1269:
1268:
1266:
1256:
1254:
1243:
1231:
1229:
1223:
1214:
1213:
1205:
1203:
1199:
1195:
1191:
1187:
1183:
1179:
1175:
1171:
1167:
1163:
1150:
1147:
1143:
1139:
1136:
1133:
1130:
1127:
1123:
1119:
1115:
1111:
1107:
1104:
1103:
1102:
1091:
1088:
1084:
1081:
1077:
1073:
1070:
1069:
1068:
1060:
1058:
1054:
1050:
1046:
1042:
1038:
1033:
1031:
1027:
1017:
1014:
1010:
1006:
1002:
998:
994:
990:
986:
974:of each peer.
973:
969:
965:
961:
957:
953:
949:
946:
941:
937:
934:
930:
926:
922:
917:
913:
908:
904:
901:
897:
893:
892:
890:
886:
883:
879:
875:
871:
870:
869:
867:
863:
853:
851:
843:
839:
835:
831:
827:
824:
820:
816:
815:ADMIN$ share
812:
809:
805:
801:
797:
793:
789:
785:
781:
777:
776:
763:
759:
755:
753:
750:
747:
746:
744:
741:
740:
739:
732:
731:
729:
726:
723:
722:
721:
714:
713:
711:
706:
705:
704:NetBIOS push
703:
702:
701:
694:
693:
691:
690:
689:
686:
683:
682:
676:
675:
674:
667:
666:
664:
661:
659:
655:
646:
645:
643:
642:
641:
634:
633:
631:
626:
625:
623:
622:
621:
618:
615:
612:
611:
605:
604:
603:
598:
595:
594:
593:
586:
583:
582:
581:NetBIOS push
580:
575:
574:
572:
571:
570:
563:
562:
560:
551:
548:
547:
545:
544:
543:
540:
537:
536:
530:
529:
528:
523:
520:
519:
518:
511:
510:
509:NetBIOS push
508:
503:
502:
500:
499:
498:
491:
490:
488:
479:
476:
475:
473:
472:
471:
468:
465:
464:
458:
457:
456:
454:
451:
444:
438:
437:
435:
434:
433:
426:
425:
423:
422:
421:
418:
415:
414:
410:
408:Self-defense
407:
404:
402:
399:
396:
393:
392:
389:
385:
382:
372:
370:
366:
361:
359:
354:
352:
347:
345:
340:
338:
334:
330:
325:
322:
312:
310:
306:
301:
298:
294:
290:
286:
282:
281:Windows Vista
278:
274:
270:
266:
265:vulnerability
256:
254:
250:
249:
244:
240:
225:
216:
212:
210:
206:
202:
198:
195:
191:
190:computer worm
187:
183:
179:
175:
167:
163:
162:Windows Vista
159:
155:
151:
148:
144:
139:
136:
133:
129:
125:
120:
114:
110:
107:
104:WORM_DOWNAD (
103:
100:
97:Win32:Confi (
96:
93:
89:
86:
82:
79:
75:
72:
69:Conficker.A (
68:
65:
61:
58:
54:
51:
47:
44:
40:
37:
33:
32:
31:
27:
22:
19:
16:Computer worm
5062:
4964:Sony rootkit
4730:Bluehell IRC
4699:Dan Kaminsky
4694:Sven Jaschan
4339:Trojan horse
4152:
4069:(June 2010).
4062:
4052:
3999:, retrieved
3985:
3979:
3968:, retrieved
3954:
3948:
3936:. Retrieved
3918:
3907:, retrieved
3903:the original
3897:
3890:
3879:, retrieved
3869:
3862:
3851:, retrieved
3847:the original
3837:
3831:
3820:, retrieved
3810:
3803:
3792:, retrieved
3788:the original
3778:
3772:
3761:, retrieved
3747:
3741:
3730:, retrieved
3726:the original
3716:
3709:
3698:, retrieved
3688:
3681:
3670:, retrieved
3666:the original
3660:
3653:
3642:, retrieved
3628:
3621:
3610:, retrieved
3606:the original
3600:
3594:
3583:, retrieved
3579:the original
3569:
3563:
3552:, retrieved
3548:the original
3542:
3536:
3527:22 September
3525:, retrieved
3521:the original
3511:
3505:
3494:, retrieved
3490:the original
3484:
3477:
3465:. Retrieved
3447:
3435:. Retrieved
3421:
3410:, retrieved
3396:
3389:
3378:, retrieved
3374:the original
3364:
3357:
3346:, retrieved
3336:
3329:
3318:, retrieved
3314:the original
3304:
3297:
3286:, retrieved
3282:the original
3275:
3251:, retrieved
3241:
3235:
3224:, retrieved
3210:
3204:
3193:, retrieved
3179:
3172:
3161:, retrieved
3147:
3140:
3128:. Retrieved
3124:the original
3114:
3103:, retrieved
3099:the original
3085:
3079:
3068:, retrieved
3064:the original
3054:
3047:
3036:, retrieved
3032:the original
3022:
3001:, retrieved
2985:
2972:
2961:, retrieved
2947:
2940:
2929:, retrieved
2925:the original
2915:
2894:, retrieved
2890:the original
2884:
2855:, retrieved
2851:the original
2845:
2822:, retrieved
2818:the original
2808:
2786:, retrieved
2779:the original
2770:
2743:, retrieved
2739:the original
2729:
2706:, retrieved
2702:the original
2692:
2670:. Retrieved
2633:, retrieved
2619:
2594:, retrieved
2590:the original
2580:
2573:
2562:, retrieved
2558:the original
2548:
2527:, retrieved
2523:the original
2517:
2479:, retrieved
2470:
2443:, retrieved
2427:
2414:
2402:. Retrieved
2393:
2384:
2373:, retrieved
2363:
2356:
2344:. Retrieved
2335:The Register
2333:
2323:
2312:, retrieved
2308:the original
2302:
2296:
2285:, retrieved
2275:
2268:
2257:, retrieved
2247:
2240:
2229:, retrieved
2219:
2212:
2201:, retrieved
2185:
2154:, retrieved
2144:
2137:
2126:, retrieved
2116:
2110:
2098:. Retrieved
2083:
2072:, retrieved
2058:
2051:
2040:, retrieved
2030:
2023:
2011:. Retrieved
2002:
1974:, retrieved
1960:
1954:
1943:, retrieved
1927:
1921:
1910:, retrieved
1894:
1888:
1877:, retrieved
1863:
1857:
1846:, retrieved
1836:
1829:
1817:. Retrieved
1798:
1786:. Retrieved
1775:
1766:
1755:, retrieved
1742:
1732:
1720:. Retrieved
1709:
1696:
1685:, retrieved
1677:The Atlantic
1671:
1667:Bowden, Mark
1642:. Retrieved
1633:
1623:
1611:. Retrieved
1607:
1598:
1586:. Retrieved
1582:
1572:
1561:, retrieved
1551:
1545:
1527:
1469:
1450:
1443:
1435:peer-to-peer
1428:
1419:
1407:
1403:
1394:
1388:
1382:
1380:
1368:
1360:
1262:
1250:
1237:
1226:
1202:Shadowserver
1198:Georgia Tech
1159:
1100:
1066:
1034:
1029:
1025:
1023:
1020:Self-defense
982:
874:domain names
859:
847:
841:
829:
794:server on a
786:and execute
452:
386:
378:
362:
355:
348:
341:
332:
326:
318:
273:Windows 2000
262:
252:
246:
236:
222:
213:
185:
181:
177:
173:
172:
150:Windows 2000
18:
4882:SQL Slammer
4704:Samy Kamkar
4625:Individuals
4590:Level Seven
4553:Ac1db1tch3z
4532:(2008–2010)
4431:(2003–2006)
4037:Mark Bowden
3970:16 February
3732:28 December
2963:15 February
2586:Trend Micro
1613:7 September
1588:7 September
864:executable
850:svchost.exe
842:autorun.inf
830:recycle.bin
804:svchost.exe
687:2009-04-07
616:2009-03-04
541:2009-02-20
469:2008-12-29
419:2008-11-21
411:End action
333:NavyStar/N*
321:French Navy
297:out-of-band
209:SQL Slammer
106:Trend Micro
92:BitDefender
5092:Categories
4769:discovered
4756:darksun.ws
4751:unkn0wn.eu
4659:Lil Hacker
4605:ShadowCrew
4530:WebcamGate
4429:Titan Rain
4273:ZeroAccess
3437:22 January
3130:16 January
2404:2 February
2287:20 January
2259:20 January
2156:20 January
1976:17 January
1945:1 November
1912:1 November
1848:18 January
1819:16 January
1788:16 January
1520:References
1499:Bot herder
1462:requests.
1240:March 2012
1080:Storm worm
1063:End action
1009:public key
972:IP address
925:named pipe
912:heuristics
903:registries
649:DNSAPI.DLL
624:HTTP pull
573:HTTP pull
501:HTTP pull
436:HTTP pull
351:Manchester
344:Bundeswehr
277:Windows XP
219:Prevalence
154:Windows XP
5063:Conficker
5042:Agent.btz
4570:Avalanche
4558:Anonymous
4415:Incidents
4263:Vulcanbot
4153:Conficker
4054:Fresh Air
3928:Microsoft
3784:Microsoft
3753:Microsoft
3517:Microsoft
3457:Microsoft
2953:Microsoft
2554:Microsoft
2346:10 August
2064:Microsoft
1743:Techworld
1644:27 August
1537:Microsoft
1162:Microsoft
1128:disabled.
1087:scareware
997:encrypted
970:from the
907:transfers
788:shellcode
758:scareware
658:Safe Mode
656:Disables
375:Operation
337:Sheffield
259:Discovery
174:Conficker
78:Kaspersky
24:Conficker
5068:Koobface
5047:Mariposa
4995:Stration
4990:Clickbot
4954:PGPCoder
4902:Graybird
4840:Code Red
4814:ILOVEYOU
4788:sslstrip
4746:ryan1918
4723:Darknets
4714:Stakkato
4652:Digerati
4648:Dshocker
4615:Sandworm
4585:GhostNet
4398:Timeline
4233:Slenfbot
4198:Mariposa
4183:Koobface
4143:Bredolab
4138:BASHLITE
4063:Atlantic
3995:archived
3964:archived
3938:15 April
3932:Archived
3881:31 March
3875:archived
3853:25 April
3843:Symantec
3822:25 April
3816:archived
3794:30 March
3763:29 March
3757:archived
3694:archived
3672:31 March
3638:archived
3612:27 March
3585:31 March
3554:31 March
3467:3 August
3461:Archived
3431:Archived
3412:13 April
3406:archived
3380:11 April
3370:Symantec
3348:11 April
3342:archived
3320:10 April
3310:Symantec
3288:25 April
3253:30 March
3247:archived
3226:29 March
3220:archived
3189:archived
3157:archived
3105:29 March
3070:10 April
3060:Symantec
3038:10 April
2994:archived
2990:Symantec
2957:archived
2931:10 April
2921:Symantec
2896:29 March
2857:10 April
2814:Symantec
2788:13 April
2735:Symantec
2698:Symantec
2672:25 April
2666:Archived
2662:Symantec
2629:archived
2625:Symantec
2564:30 March
2529:29 March
2481:29 March
2475:archived
2436:archived
2432:Symantec
2398:Archived
2394:BBC News
2375:29 March
2369:archived
2340:Archived
2281:archived
2253:archived
2225:archived
2194:archived
2190:Symantec
2150:archived
2128:15 April
2122:archived
2100:29 March
2094:Archived
2068:archived
2036:archived
2007:Archived
1970:archived
1936:archived
1903:archived
1879:25 March
1873:archived
1842:archived
1813:Archived
1809:F-Secure
1782:Archived
1757:23 April
1751:archived
1722:23 April
1716:Archived
1681:archived
1638:Archived
1563:28 April
1557:archived
1483:See also
1453:sniffing
1349:that no
1339:Guernsey
1194:F-Secure
1190:Symantec
1178:Verisign
1156:Response
1120:(BITS),
1112:such as
1097:Symptoms
1092:product.
1057:resolver
979:Armoring
945:backdoor
889:disjoint
866:payloads
692:NetBIOS
546:NetBIOS
474:NetBIOS
424:NetBIOS
394:Variant
182:Downadup
146:Platform
64:F-Secure
57:Symantec
5073:Waledac
4980:Rustock
4907:Blaster
4887:Welchia
4819:Pikachu
4799:Malware
4669:camZero
4319:Malware
4268:Waledac
4223:Rustock
4213:Metulji
4178:Kelihos
4173:Gumblar
4148:Cutwail
4104:Botnets
4039:(2011;
4001:1 April
3960:US-CERT
3909:2 April
3700:26 June
3644:1 April
3496:1 April
3195:3 April
3163:1 April
3003:19 June
2824:1 April
2745:1 April
2708:3 April
2635:1 April
2596:7 April
2445:1 April
2314:1 April
2231:1 April
2203:1 April
2074:1 April
2042:1 April
2013:30 June
1840:, CNN,
1514:Malware
1476:AutoRun
1466:US CERT
1375:Ukraine
1174:Neustar
1166:Afilias
1144:or the
1076:spambot
1072:Waledac
940:patches
862:pulling
838:AutoRun
819:NetBIOS
752:spambot
749:Waledac
554:ADMIN$
482:ADMIN$
381:malware
251:(engl.
239:English
228:History
188:, is a
160:(SP2),
5037:Asprox
4938:Mydoom
4933:Sasser
4928:NetSky
4866:Simile
4790:(2009)
4784:(2008)
4778:(2002)
4684:diabl0
4679:Cyxymu
4674:Coolio
4643:SilenZ
4545:Groups
4309:Malbot
4253:Torpig
4238:Srizbi
4228:Sality
4203:Mega-D
4193:Lethic
4188:Kraken
4158:Donbot
4128:Asprox
4043:
3634:SWITCH
1687:15 May
1489:Botnet
1389:et al.
1365:Origin
1343:Jersey
1324:Polish
1322:, the
1300:, the
1298:SWITCH
1200:, The
1026:SYSTEM
989:hashed
968:hashed
556:shares
484:shares
291:, and
253:fucker
248:Ficker
243:German
211:worm.
205:botnet
178:Downup
113:ClamAV
99:avast!
85:McAfee
36:Sophos
5011:Storm
4923:Bagle
4897:Gruel
4892:Sobig
4845:Nimda
4633:AKill
4580:0x1fe
4403:2010s
4393:1990s
4258:Virut
4248:TDL-4
4243:Storm
4218:Nitol
4208:Mirai
4163:Festi
4133:Bagle
4123:Akbot
3153:ICANN
2997:(PDF)
2982:(PDF)
2782:(PDF)
2775:(PDF)
2439:(PDF)
2424:(PDF)
2197:(PDF)
2182:(PDF)
1966:ZDNet
1939:(PDF)
1932:(PDF)
1906:(PDF)
1899:(PDF)
1373:that
1305:ccTLD
1302:Swiss
1253:$ USD
1170:ICANN
985:SHA-1
619:None
453:None
300:patch
267:in a
71:Panda
5056:2009
5030:2008
5016:ZeuS
5004:2007
4985:ZLOB
4973:2006
4959:Samy
4947:2005
4916:2004
4875:2003
4859:2002
4850:Klez
4828:2001
4807:2000
4664:BadB
4575:GNAA
4512:2009
4481:2008
4460:2007
4444:2005
4422:2004
4278:Zeus
4168:Grum
4041:ISBN
4003:2009
3972:2009
3940:2009
3911:2009
3883:2009
3855:2009
3824:2009
3796:2009
3765:2009
3734:2009
3702:2009
3674:2009
3646:2009
3614:2009
3587:2009
3575:CIRA
3556:2009
3529:2009
3498:2009
3469:2009
3439:2009
3414:2009
3382:2009
3350:2009
3322:2009
3290:2009
3255:2009
3228:2009
3197:2009
3165:2009
3132:2009
3107:2009
3072:2009
3040:2009
3005:2009
2965:2015
2933:2009
2898:2009
2859:2009
2826:2009
2790:2009
2747:2009
2710:2009
2674:2009
2637:2009
2598:2009
2566:2009
2531:2009
2483:2009
2447:2009
2406:2010
2377:2009
2348:2017
2316:2009
2289:2009
2261:2009
2233:2009
2205:2009
2158:2009
2130:2009
2102:2009
2076:2009
2044:2009
2015:2019
1978:2017
1947:2011
1914:2011
1881:2009
1850:2009
1821:2009
1790:2009
1759:2009
1724:2009
1689:2010
1646:2009
1615:2023
1590:2023
1565:2009
1470:The
1347:IANA
1341:and
1332:DDoS
1320:NASK
1311:and
1280:CIRA
1124:and
1074:, a
1051:and
991:and
929:URLs
878:TLDs
796:port
792:HTTP
327:The
307:and
233:Name
186:Kido
184:and
135:Worm
131:Type
43:ESET
4600:RBN
4118:3ve
4059:NPR
4057:on
4047:);
4035:by
1869:UPI
1747:IDG
1460:ARP
1355:.je
1353:or
1351:.gg
1328:.pl
1313:.li
1309:.ch
1291:.pa
1284:.ca
1273:.cl
1265:TLD
1013:MD6
1005:RSA
1001:key
993:RC4
964:TCP
960:UDP
900:TLD
800:DLL
780:RPC
5094::
3989:,
3958:,
3926:.
3841:,
3782:,
3751:,
3720:,
3636:,
3632:,
3573:,
3515:,
3459:.
3455:.
3404:,
3400:,
3368:,
3308:,
3274:,
3262:^
3216:CA
3214:,
3187:,
3155:,
3151:,
3093:,
3089:,
3058:,
3026:,
3012:^
2984:,
2955:,
2951:,
2919:,
2905:^
2866:^
2833:^
2812:,
2797:^
2754:^
2733:,
2717:^
2696:,
2682:^
2664:.
2660:.
2644:^
2627:,
2623:,
2605:^
2584:,
2552:,
2538:^
2490:^
2473:,
2469:,
2454:^
2430:,
2426:,
2392:.
2338:.
2332:.
2188:,
2184:,
2165:^
2066:,
2062:,
2005:.
2001:.
1985:^
1964:,
1867:,
1811:.
1807:.
1774:.
1749:,
1745:,
1741:,
1714:.
1708:.
1679:,
1675:,
1654:^
1636:.
1632:.
1606:.
1581:.
1535:.
1192:,
1188:,
1180:,
1176:,
1172:,
1168:,
1164:,
1116:,
1047:,
1043:,
1032:.
287:,
283:,
279:,
275:,
180:,
164:,
156:,
152:,
50:CA
4373:e
4366:t
4359:v
4096:e
4089:t
4082:v
3942:.
3471:.
3441:.
3134:.
2676:.
2408:.
2350:.
2104:.
2017:.
1823:.
1792:.
1726:.
1648:.
1617:.
1592:.
1539:.
1242:)
1238:(
1232:.
995:-
987:-
947:.
935:.
844:.
115:)
108:)
101:)
94:)
87:)
80:)
73:)
66:)
59:)
52:)
45:)
38:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.