1229:
135:
925:. This new pull mechanism (which was disabled until April 1, 2009) is unlikely to propagate payloads to more than 1% of infected hosts per day, but is expected to function as a seeding mechanism for the virus's peer-to-peer network. The shorter generated names, however, are expected to collide with 150–200 existing domains per day, potentially causing a
266:). Microsoft analyst Joshua Phillips gives an alternative interpretation of the name, describing it as a rearrangement of portions of the domain name trafficconverter.biz (with the letter k, not found in the domain name, added as in "trafficker", to avoid a "soft" c sound) which was used by early versions of Conficker to download updates.
1388:
is the probable origin of the virus, but declined to reveal further technical discoveries about the virus's internals to avoid tipping off its authors. An initial variant of
Conficker did not infect systems with Ukrainian IP addresses or with Ukrainian keyboard layouts. The payload of Conficker.E was
920:
and registrations for these domains. Variant D counters this by generating daily a pool of 50,000 domains across 110 TLDs, from which it randomly chooses 500 to attempt for that day. The generated domain names were also shortened from 8–11 to 4–9 characters to make them more difficult to detect with
218:, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003
398:
Five variants of the
Conficker virus are known and have been dubbed Conficker A, B, C, D and E. They were discovered 21 November 2008, 29 December 2008, 20 February 2009, 4 March 2009 and 7 April 2009, respectively. The Conficker Working Group uses namings of A, B, B++, C, and E for the same
394:
techniques used by
Conficker have seen past use or are well known to researchers, the virus's combined use of so many has made it unusually difficult to eradicate. The virus's unknown authors are also believed to be tracking anti-malware efforts from network operators and law enforcement and have
234:
Estimates of the number of infected computers were difficult because the virus changed its propagation and update strategy from version to version. In
January 2009, the estimated number of infected computers ranged from almost 9 million to 15 million. Microsoft has reported the total number of
1489:
to prevent
Variant B of the virus from spreading through removable media. Prior to the release of Microsoft knowledgebase article KB967715, US-CERT described Microsoft's guidelines on disabling Autorun as being "not fully effective" and provided a workaround for disabling it more effectively.
1431:
Many third-party anti-virus software vendors have released detection updates to their products and claim to be able to remove the worm. The evolving process of the malware shows some adoption to the common removal software, so it is likely that some of them might remove or at least disable some
1026:
as their hash function and increase the size of the RSA key to 4096 bits. Conficker B adopted MD6 mere months after it was first published; six weeks after a weakness was discovered in an early version of the algorithm and a new version was published, Conficker upgraded to the new MD6.
225:
Despite its wide propagation, the worm did not do much damage, perhaps because its authors – believed to have been
Ukrainian citizens – did not dare use it because of the attention it drew. Four men were arrested, and one pled guilty and was sentenced to four years in prison.
1402:
believed that the criminals abandoned
Conficker after it had spread much more widely than they assumed it would, reasoning that any attempt to use it would draw too much attention from law enforcement worldwide. This explanation is widely accepted in the cybersecurity field.
2668:
2629:
1406:
In 2011, working with the FBI, Ukrainian police arrested three
Ukrainians in relation to Conficker, but there are no records of them being prosecuted or convicted. A Swede, Mikael Sallnert, was sentenced to 48 months in prison in the U.S. after a guilty plea.
1415:
Due to the lock of the virus files against deletion as long as the system is running, the manual or automatic removal itself has to be performed during boot process or with an external system installed. Deleting any existing backup copy is a crucial step.
313:
on
October 23, 2008 to close the vulnerability, a large number of Windows PCs (estimated at 30%) remained unpatched as late as January 2009. A second variant of the virus, discovered in December 2008, added the ability to propagate over LANs through
235:
infected computers detected by its antimalware products has remained steady at around 1.7 million from mid-2010 to mid-2011. By mid-2015, the total number of infections had dropped to about 400,000, and it was estimated to be 500,000 in 2019.
953:
to NetBIOS-related DLLs to close MS08-067 and watch for re-infection attempts through the same vulnerability. Re-infection from more recent versions of
Conficker are allowed through, effectively turning the vulnerability into a propagation
1946:
895:(PRNG) seeded with the current date to ensure that every copy of the virus generates the same names each day. The virus then attempts an HTTP connection to each domain name in turn, expecting from any of them a signed payload.
1394:
1913:
334:
computer network, was infected with Conficker on 15 January 2009. The network was subsequently quarantined, forcing aircraft at several airbases to be grounded because their flight plans could not be downloaded.
2046:
1039:", which locks it from deletion even if the user is granted with administrator privileges. The virus stores a backup copy of this DLL disguised as a .jpg image in the Internet Explorer cache of the user
3032:
2235:
1171:
On 12 February 2009, Microsoft announced the formation of an industry group to collaboratively counter Conficker. The group, which has since been informally dubbed the Conficker Cabal, includes
364:
City Council's IT system caused an estimated £1.5m worth of disruption in February 2009. The use of USB flash drives was banned, as this was believed to be the vector for the initial infection.
929:(DDoS) on sites serving those domains. However the large number of generated domains and the fact that not every domain will be contacted for a given day will probably prevent DDoS situations.
1937:
1078:
Variant E of the virus was the first to use its base of infected computers for an ulterior purpose. It downloads and installs, from a web server hosted in Ukraine, two additional payloads:
3004:
2446:
2204:
2967:
371:
on 24 March 2009 that it had been infected with the virus. The memo, which was subsequently leaked, called for users to avoid connecting any unauthorised equipment to the network.
3847:
3064:
2312:
1904:
3521:
306:
Beta. While Windows 7 may have been affected by this vulnerability, the Windows 7 Beta was not publicly available until January 2009. Although Microsoft released an emergency
3471:
2558:
1066:. Processes matching a predefined list of antiviral, diagnostic or system patching tools are watched for and terminated. An in-memory patch is also applied to the system
3314:
2855:
1980:
3352:
2040:
3907:
3282:
2639:
1372:
By mid-April 2009 all domain names generated by Conficker A had been successfully locked or preemptively registered, rendering its update mechanism ineffective.
859:
To start itself at system boot, the virus saves a copy of its DLL form to a random filename in the Windows system or system32 folder, then adds registry keys to have
3374:
2818:
1883:
2739:
3257:
2078:
789:
Variants A, B, C and E exploit a vulnerability in the Server Service on Windows computers, in which an already-infected source computer uses a specially-crafted
2925:
2702:
2676:
1543:
2017:
1852:
3042:
3726:
1691:
2590:
2485:
1398:, a classified, peer-reviewed U.S. government cybersecurity publication, that they tracked the malware to a group of Ukrainian cybercriminals. Porras
2263:
3788:
2229:
1567:
2379:
2350:
1341:
domains expected to be generated by the virus over the following five weeks. NASK has also warned that worm traffic may unintentionally inflict a
2989:
2431:
2189:
1286:
ccTLD registry, blocked all the domain names informed by the Conficker Working Group and reviewed a hundred already registered from the worm list.
4408:
4038:
3970:
1482:
2104:
1726:
4740:
4382:
3199:
2408:
1504:
4033:
3130:
2132:
1432:
variants, while others remain active or, even worse, deliver a false positive to the removal software and become active with the next reboot.
3230:
3167:
3095:
1266:
250,000 reward for information leading to the arrest and conviction of the individuals behind the creation and/or distribution of Conficker.
2957:
4766:
4761:
4573:
3857:
3767:
1761:
2291:
2160:
1648:
4756:
4658:
4503:
3523:
Microsoft Collaborates With Industry to Disrupt Conficker Worm (Microsoft offers $ 250,000 reward for Conficker arrest and conviction.)
3074:
2318:
1392:
In 2015, Phil Porras, Vinod Yegneswaran and Hassan Saidi – who were the first to detect and reverse-engineer Conficker – wrote in the
4005:
3531:
1192:
4974:
4653:
4461:
3585:
3416:
1823:
1290:
3974:
1330:
4590:
3648:
2568:
1420:
1128:
3463:
3384:
3644:
1970:
1792:
1308:
879:
over the network. These payloads are used by the virus to update itself to newer variants, and to install additional malware.
368:
2861:
2828:
2749:
3610:
382:
as a precautionary measure; during that time, officers had to ask other forces to run routine checks on vehicles and people.
3346:
3913:
3292:
3101:
2935:
2128:
Microsoft Security Bulletin MS08-067 – Critical; Vulnerability in Server Service Could Allow Remote Code Execution (958644)
1490:
US-CERT has also made a network-based tool for detecting Conficker-infected hosts available to federal and state agencies.
1452:, allowing researchers to imitate the virus network's command packets and positively identify infected computers en-masse.
339:
3324:
2780:
2712:
1423:
to remove the virus, then applying the patch to prevent re-infection. Newer versions of Windows are immune to Conficker.
1357:
342:
reported that some of its major systems and desktops were infected. The virus had spread across administrative offices,
4375:
4059:
3670:
3885:
3826:
4585:
4513:
4105:
4055:
3494:
1873:
1589:
3942:
3552:
3441:
744:
Scans for and terminates processes with names of anti-malware, patch or diagnostic utilities at one-second intervals
679:
Scans for and terminates processes with names of anti-malware, patch or diagnostic utilities at one-second intervals
4845:
4684:
4028:
399:
variants respectively. This means that (CWG) B++ is equivalent to (MSFT) C and (CWG) C is equivalent to (MSFT) D.
274:
The first variant of Conficker, discovered in early November 2008, propagated through the Internet by exploiting a
3251:
2068:
821:
process. Attaching to those processes might be detected by the application trust feature of an installed firewall.
809:
between 1024 and 10000; the target shellcode connects back to this HTTP server to download a copy of the virus in
4001:
3105:
1018:-signed with a 1024-bit private key. The payload is unpacked and executed only if its signature verifies with a
836:
is attempted, potentially generating large amounts of network traffic and tripping user account lockout policies.
3704:
2009:
1846:
977:
for subsequent transfers of signed payloads. To make analysis more difficult, port numbers for connections are
210:
that was first detected in November 2008. It uses flaws in Windows OS software (MS08-067 / CVE-2008-4250) and
17:
4077:
1681:
5113:
4413:
4403:
4368:
3736:
1315:
974:
892:
2477:
5108:
4477:
3579:
2894:
2600:
2527:
922:
3134:
1561:
1470:
2340:
1070:
DLL to block lookups of hostnames related to antivirus software vendors and the Windows Update service.
346:
desktops aboard various Royal Navy warships and Royal Navy submarines, and hospitals across the city of
4600:
4580:
3157:
1238:
357:, the unified armed forces of Germany, reported that about one hundred of its computers were infected.
4776:
3798:
2373:
2257:
2100:
1519:
1514:
898:
Variant B increases the number of TLDs to eight, and has a generator tweaked to produce domain names
375:
275:
3189:
322:. Researchers believe that these were decisive factors in allowing the virus to propagate quickly.
5118:
4850:
4798:
4610:
4349:
2126:
1757:
1419:
Microsoft released a removal guide for the virus, and recommended using the current release of its
939:
379:
3220:
3109:
4917:
4876:
4625:
1716:
1136:
1089:
otherwise known to propagate through e-mail attachments. Waledac operates similarly to the 2008
1063:
1055:
1051:
1019:
1749:
1444:
discovered that Conficker-infected hosts have a detectable signature when scanned remotely. The
4943:
4938:
4529:
4508:
3757:
1640:
1614:
970:
303:
4319:
5031:
4933:
4907:
4648:
4143:
4098:
3966:
Technical Cyber Security Alert TA09-020A: Microsoft Windows Does Not Disable AutoRun Properly
1456:
1278:
registries affected by the virus's domain generator. Those which have taken action include:
1007:
790:
2400:
4969:
4482:
4344:
3995:
1263:
962:
955:
913:
825:
810:
2285:
2154:
847:(such as USB flash drives), from which they can then infect new hosts through the Windows
8:
4674:
3287:
1449:
1381:
1318:
registry, announced it was "taking action to protect internet addresses with the endings
299:
295:
176:
168:
3406:
1245:
Please help update this article to reflect recent events or newly available information.
4792:
4445:
4334:
3964:
3195:
1721:
1152:
1142:
1011:
965:
to push and pull payloads over the wider Internet. This aspect of the virus is heavily
943:
876:
367:
A memo from the Director of the UK Parliamentary ICT service informed the users of the
249:
1035:
The DLL- Form of the virus is protected against deletion by setting its ownership to "
4568:
4498:
4324:
4283:
4051:
1304:
ccTLD registry, blocked all the domain names informed by the Conficker Working Group.
950:
833:
310:
253:
211:
204:
1815:
1782:
378:
computer network was infected, leading to its disconnection for three days from the
4534:
4339:
4304:
4091:
4043:
1466:
1441:
1293:, the Canadian Internet Registration Authority, locked all previously-unregistered
1275:
1274:
ICANN has sought preemptive barring of domain transfers and registrations from all
1132:
1059:
910:
888:
818:
806:
411:
307:
207:
3638:
3616:
2789:
5057:
4719:
4699:
4679:
4669:
4218:
4208:
4153:
1787:
1463:
1120:
1100:
1015:
966:
917:
872:
844:
794:
315:
279:
1448:
command protocol used by variants D and E of the virus has since been partially
5083:
5026:
4990:
4786:
4605:
4309:
4288:
4278:
4233:
4223:
4188:
4158:
3853:
3380:
3320:
3070:
3000:
2931:
2824:
2745:
2708:
2672:
2635:
2523:
2442:
2200:
1200:
1196:
1156:
1124:
1082:
1067:
1047:
759:
361:
109:
81:
67:
726:
Uses custom protocol to scan for infected peers via UDP, then transfer via TCP
646:
Uses custom protocol to scan for infected peers via UDP, then transfer via TCP
5102:
5047:
4829:
4694:
4620:
4314:
4248:
4213:
4203:
4198:
4168:
4138:
3732:
3558:
3412:
3038:
2560:
Microsoft Malware Protection Center: Information about Worm:Win32/Conficker.D
1148:
Congestion on local area networks (ARP flood as consequence of network scan).
999:
978:
319:
291:
200:
172:
145:
88:
3676:
5021:
4709:
4704:
4555:
4253:
4228:
4173:
3879:
3820:
2522:
2473:
2345:
1712:
1687:
1445:
1297:
domain names expected to be generated by the virus over the next 12 months.
1212:
1208:
899:
598:
Creates named pipe to receive URL from remote host, then downloads from URL
587:
Downloads daily from 500 of 50,000 pseudorandom domains over 8 TLDs per day
283:
160:
3500:
775:
Removes self on 3 May 2009 (but leaves remaining copy of Conficker D)
395:
regularly released new variants to close the virus's own vulnerabilities.
4995:
4892:
4714:
4643:
4563:
4178:
4047:
3934:
3437:
2596:
1677:
1312:
884:
860:
814:
638:
Downloads daily from any 500 of 50,000 pseudorandom domains over 110 TLDs
331:
219:
116:
102:
3496:
Microsoft announces industry alliance, $ 250k reward to combat Conficker
817:. Variants B and later may attach instead to a running services.exe or
5000:
4615:
4540:
4439:
4360:
3612:
NIC-Panama colabora en esfuerzo mundial en contra del Gusano Conficker.
1509:
1090:
982:
935:
824:
Variants B and C can remotely execute copies of themselves through the
354:
287:
248:
The origin of the name Conficker is thought to be a combination of the
164:
3554:
NIC Chile participa en esfuerzo mundial en contra del gusano Conficker
1195:, Public Internet Registry, Global Domains International, M1D Global,
994:
To prevent payloads from being hijacked, variant A payloads are first
5052:
4273:
4064:
3938:
3794:
3763:
3698:
3527:
3467:
2963:
2564:
2074:
1547:
1345:
attack to legitimate domains which happen to be in the generated set.
1172:
1097:
798:
768:
668:
347:
3581:
CIRA working with international partners to counter Conficker C
2893:
Porras, Phillip; Saidi, Hassen; Yegneswaran, Vinod (19 March 2009),
5078:
5005:
4964:
4912:
4824:
4724:
4595:
4243:
4193:
4148:
3640:
SWITCH taking action to protect against the Conficker computer worm
3226:
1819:
1349:
1204:
1188:
969:
and not fully understood, but has been observed to use large-scale
801:
on the target computer. On the source computer, the virus runs an
74:
60:
1972:
Opening up a can of worms: Why won't Conficker just die, die, die?
4897:
4809:
4329:
4183:
1524:
1486:
1385:
1184:
1176:
1086:
848:
829:
762:
391:
3589:
2900:
2533:
2042:
Microsoft's US$ 5 million Reward for the Conficker Worm Creators
515:
Downloads daily from any of 250 pseudorandom domains over 8 TLDs
456:
Downloads daily from any of 250 pseudorandom domains over 5 TLDs
4948:
4689:
4635:
4263:
4238:
4114:
2589:
Macalintal, Ivan; Cepe, Joseph; Ferguson, Paul (7 April 2009),
2317:(in German), PC Professionell, 16 February 2009, archived from
1499:
1353:
1334:
718:
Patches MS08-067 to open reinfection backdoor in Server service
595:
Patches MS08-067 to open reinfection backdoor in Server service
523:
Patches MS08-067 to open reinfection backdoor in Server service
215:
123:
95:
46:
3728:
Conficker talk sanitized at Black Hat to protect investigation
3159:
Microsoft Collaborates With Industry to Disrupt Conficker Worm
4902:
4855:
4268:
4258:
4133:
3283:"Conficker Worm Awakens, Downloads Rogue Anti-virus Software"
3163:
2156:
Three in 10 Windows PCs still vulnerable to Conficker exploit
1976:
1180:
995:
906:
575:
Creates DLL-based AutoRun trojan on attached removable drives
503:
Creates DLL-based AutoRun trojan on attached removable drives
3997:
DHS Releases Conficker/Downadup Computer Worm Detection Tool
134:
4860:
2341:"Conficker left Manchester unable to issue traffic tickets"
1440:
On 27 March 2009, Felix Leder and Tillmann Werner from the
1342:
926:
802:
258:
53:
4083:
753:
Updates local copy of Conficker C to Conficker D
4128:
4072:, September 27, 2011; preliminarily covered by Bowden in
4069:
3253:
Malware Protection Center - Entry: Worm:Win32/Conficker.D
3063:
Leung, Kachun; Liu, Yana; Kiernan, Sean (10 April 2009),
2070:
Malware Protection Center - Entry: Worm:Win32/Conficker.A
1879:
1365:
1361:
1348:
On 2 April 2009, Island Networks, the ccTLD registry for
1338:
1323:
1319:
1301:
1294:
1283:
1023:
1003:
905:
To counter the virus's use of pseudorandom domain names,
2101:"Conficker worm still wreaking havoc on Windows systems"
1050:
points and disables a number of system services such as
214:
on administrator passwords to propagate while forming a
3615:(in Spanish), NIC-Panama, 27 March 2009, archived from
973:
scanning to build up a peer list of infected hosts and
942:
for downloadable payloads to other infected hosts on a
839:
Variants B and C place a copy of their DLL form in the
3557:(in Spanish), NIC Chile, 31 March 2009, archived from
2892:
2588:
1368:
names were in the set of names generated by the virus.
1356:, confirmed after investigations and liaison with the
1215:
Foundation, Arbor Networks, and Support Intelligence.
3935:"How to disable the Autorun functionality in Windows"
3034:
Conficker cashes in, installs spam bots and scareware
2314:
Conficker-Wurm infiziert hunderte Bundeswehr-Rechner
3276:
3274:
2631:
W32.Downadup.C Pseudo-Random Domain Name Generation
2526:; Hassen Saidi; Vinod Yegneswaran (19 March 2009),
2003:
2001:
1999:
1997:
1395:
Journal of Sensitive Cyber Research and Engineering
1116:
Account lockout policies being reset automatically.
907:
Internet Corporation for Assigned Names and Numbers
3026:
3024:
2990:"Connecting The Dots: Downadup/Conficker Variants"
2669:"Connecting The Dots: Downadup/Conficker Variants"
2401:"Conficker virus hits Manchester Police computers"
2259:MoD networks still malware-plagued after two weeks
1641:"Defying Experts, Rogue Computer Code Still Lurks"
1093:and is believed to be written by the same authors.
662:to block lookups of anti-malware related web sites
3790:Protect yourself from the Conficker computer worm
1939:Microsoft Security Intelligence Report: Volume 10
1906:Microsoft Security Intelligence Report: Volume 11
1590:"Microsoft Security Bulletin MS08-067 - Critical"
1563:Protect yourself from the Conficker computer worm
1241:may be compromised due to out-of-date information
863:invoke that DLL as an invisible network service.
706:Exploits MS08-067 vulnerability in Server service
560:Exploits MS08-067 vulnerability in Server service
488:Exploits MS08-067 vulnerability in Server service
438:Exploits MS08-067 vulnerability in Server service
5100:
3636:
3271:
1994:
1816:"Preemptive Blocklist and More Downadup Numbers"
1022:embedded in the virus. Variants B and later use
916:began in February 2009 a coordinated barring of
871:The virus has several mechanisms for pushing or
4060:"The 'Worm' That Could Bring Down The Internet"
3188:Leder, Felix; Werner, Tillmann (2 April 2009),
3062:
3021:
2779:Leder, Felix; Werner, Tillmann (7 April 2009),
2592:DOWNAD/Conficker Watch: New Variant in The Mix?
2231:French fighter planes grounded by computer worm
1848:Downadup Worm exposes millions of PCs to hijack
1483:United States Computer Emergency Readiness Team
3718:
3438:"Virus alert about the Win32/Conficker.B worm"
2854:Leung, Ka Chun; Kiernan, Sean (6 April 2009),
2662:
2660:
2658:
2656:
2552:
2550:
1717:"Worm Infects Millions of Computers Worldwide"
1505:Timeline of notable computer viruses and worms
4376:
4099:
3492:
3088:
2919:
2917:
2849:
2847:
2845:
2813:
2811:
2809:
2774:
2772:
2770:
2768:
2766:
2733:
2731:
2729:
2696:
2694:
2623:
2621:
2619:
2617:
2183:
2181:
2179:
2177:
2146:
1435:
3668:
3312:
2987:
2853:
2582:
2468:
2466:
2429:
2423:
2187:
1672:
1670:
1668:
1666:
1544:"Virus alert about the Win32/Conficker worm"
4062:, author interview (audio and transcript),
3909:Updated Conficker Detection Plugin Released
3840:
3696:
3464:"Virusencyclopedie: Worm:Win32/Conficker.B"
3187:
2988:Nahorney, Ben; Park, John (21 April 2009),
2981:
2949:
2778:
2741:Downadup: Peer-to-Peer Payload Distribution
2653:
2547:
2430:Nahorney, Ben; Park, John (13 March 2009),
2188:Nahorney, Ben; Park, John (13 March 2009),
2119:
1930:
1897:
1462:It can also be detected in passive mode by
1112:Symptoms of a Conficker infection include:
4383:
4369:
4106:
4092:
4034:Conficker Working Group -- Lessons Learned
3905:
3675:(in Polish), Webhosting.pl, archived from
3345:Higgins, Kelly Jackson (14 January 2009),
3306:
3056:
2959:Virus Encyclopedia: Worm:Win32/Conficker.E
2923:
2914:
2842:
2806:
2763:
2726:
2691:
2614:
2375:Leaked memo says Conficker pwns Parliament
2174:
350:reported infection of over 800 computers.
133:
3155:
2463:
1663:
1380:Working group members stated at the 2009
1262:On 13 February 2009, Microsoft offered a
1193:China Internet Network Information Center
832:. If the share is password-protected, a
4462:Sony BMG copy protection rootkit scandal
4390:
3849:W32.Downadup P2P Scanner Script for Nmap
2888:
2886:
2884:
2882:
2880:
2878:
2666:
2518:
2516:
2514:
2512:
2510:
2508:
2506:
2504:
2502:
2287:Conficker seizes city's hospital network
2283:
2255:
2227:
2038:
1813:
1747:
1705:
1587:
1410:
891:. The domain names are generated from a
756:Downloads and installs malware payload:
470:Updates self to Conficker B, C or D
3669:Bartosiewicz, Andrzej (31 March 2009),
3344:
2896:An Analysis of Conficker C (draft)
2472:
2098:
2010:"The Worm That Nearly Ate the Internet"
1750:"Experts bicker over Conficker numbers"
1711:
1638:
1426:
1421:Windows Malicious Software Removal Tool
1129:Background Intelligent Transfer Service
688:Downloads and installs Conficker E
14:
5101:
3724:
3404:
3372:
3156:Robertson, Andrew (12 February 2009),
3131:"Passwords used by the Conficker worm"
3030:
2452:from the original on 24 September 2015
2371:
2338:
2210:from the original on 24 September 2015
2152:
2039:Grigonis, Richard (13 February 2009),
2007:
1676:
949:Variants B, C and E perform in-memory
866:
4364:
4087:
3977:from the original on 24 February 2009
3877:
3822:Scanning for Conficker's peer to peer
3818:
3637:D'Alessandro, Marco (30 March 2009),
3376:Waledac – Guess which one is for you?
3280:
2970:from the original on 18 November 2016
2875:
2782:Know Your Enemy: Containing Conficker
2737:
2700:
2679:from the original on 14 December 2009
2499:
2478:"Computer Experts Unite to Hunt Worm"
2411:from the original on 17 December 2021
2382:from the original on 17 December 2021
2107:from the original on 20 February 2009
2099:Leffall, Jabulani (15 January 2009).
2049:from the original on 16 February 2009
1963:
1844:
1729:from the original on 25 February 2020
1694:from the original on 28 February 2012
1145:responding slowly to client requests.
542:Updates self to Conficker C or D
3770:from the original on 7 November 2012
3493:O'Donnell, Adam (12 February 2009),
3444:from the original on 22 January 2009
3419:from the original on 5 February 2010
3355:from the original on 4 February 2009
3102:Common Vulnerabilities and Exposures
2924:Fitzgerald, Patrick (9 April 2009),
2627:
2488:from the original on 4 December 2016
2066:
1983:from the original on 18 January 2017
1919:from the original on 18 October 2011
1855:from the original on 21 January 2009
1795:from the original on 16 January 2009
1222:
927:distributed denial-of-service attack
783:
390:Although almost all of the advanced
3707:from the original on 16 August 2009
3700:Conficker.A DNS Rendezvous Analysis
3313:O'Murchu, Liam (23 December 2008),
2899:, SRI International, archived from
2556:
2532:, SRI International, archived from
2353:from the original on 10 August 2017
2284:Williams, Chris (20 January 2009),
2256:Williams, Chris (20 January 2009),
1952:from the original on 6 October 2011
1783:"Clock ticking on worm attack code"
1389:downloaded from a host in Ukraine.
325:
24:
4008:from the original on 5 August 2012
3912:, Tenable Security, archived from
3829:from the original on 24 April 2009
3530:, 12 February 2009, archived from
3233:from the original on 29 March 2009
3170:from the original on 19 March 2009
3010:from the original on 12 March 2014
2955:
2788:, HoneyNet Project, archived from
2642:from the original on 16 March 2018
2238:from the original on 10 March 2009
1814:Sullivan, Sean (16 January 2009).
1764:from the original on 16 April 2009
1748:McMillan, Robert (15 April 2009),
1455:Signature updates for a number of
1337:ccTLD registry, locked over 7,000
1326:from the Conficker computer worm."
1300:On 27 March 2009, NIC-Panama, the
1269:
961:Variants D and E create an ad-hoc
883:Variant A generates a list of 250
340:United Kingdom Ministry of Defence
25:
5130:
4044:Worm: The First Digital World War
4022:
3945:from the original on 3 March 2015
3906:Asadoorian, Paul (1 April 2009),
3888:from the original on 2 April 2009
3697:Maniscalchi, Jago (7 June 2009),
3651:from the original on 2 April 2009
3373:Coogan, Peter (23 January 2009),
3202:from the original on 3 April 2009
3194:, Institute of Computer Science,
2294:from the original on 2 April 2009
2266:from the original on 2 April 2009
2228:Willsher, Kim (7 February 2009),
2163:from the original on 1 April 2009
2135:from the original on 9 April 2010
2081:from the original on 18 June 2009
2020:from the original on 30 June 2019
1886:from the original on 2 April 2009
1826:from the original on 2 March 2009
1570:from the original on 27 June 2009
1282:On 13 March 2009, NIC Chile, the
1218:
3881:Scanning for Conficker with Nmap
3474:from the original on 18 May 2017
3260:from the original on 2 June 2009
3066:W32.Downadup.E Technical Details
2857:W32.Downadup.C Technical Details
2701:Chien, Eric (18 February 2009),
2153:Leyden, John (19 January 2009),
1845:Neild, Barry (16 January 2009),
1651:from the original on 18 May 2017
1639:Markoff, John (26 August 2009).
1227:
813:form, which it then attaches to
617:Updates self to Conficker D
4002:Department of Homeland Security
3988:
3957:
3927:
3899:
3878:Bowes, Ronald (30 March 2009),
3871:
3856:, 22 April 2009, archived from
3812:
3797:, 27 March 2009, archived from
3781:
3759:Malicious Software Removal Tool
3750:
3690:
3662:
3630:
3603:
3588:, 24 March 2009, archived from
3572:
3545:
3514:
3486:
3456:
3430:
3398:
3366:
3338:
3244:
3213:
3181:
3149:
3123:
3106:Department of Homeland Security
2827:, 20 March 2009, archived from
2738:Chien, Eric (19 January 2009),
2667:Nahorney, Ben (21 April 2009).
2393:
2365:
2332:
2305:
2277:
2249:
2234:, London: The Daily Telegraph,
2221:
2092:
2060:
2032:
1866:
1838:
1807:
1485:(US-CERT) recommends disabling
1030:
3440:. Microsoft. 15 January 2009.
3405:Gostev, Aleks (9 April 2009),
3281:Krebs, Brian (10 April 2009),
3031:Keizer, Gregg (9 April 2009),
2557:Tiu, Vincent (27 March 2009),
2372:Leyden, John (27 March 2009),
1775:
1741:
1632:
1607:
1581:
1554:
1536:
1159:service becoming inaccessible.
1046:Variant C of the virus resets
893:pseudo-random number generator
851:mechanism using a manipulated
13:
1:
3348:Storm Botnet Makes A Comeback
3316:W32.Waledac Technical Details
3108:, 4 June 2008, archived from
2927:W32.Downadup.E—Back to Basics
2008:Bowden, Mark (29 June 2019).
1530:
1457:network scanning applications
1073:
229:
4793:Kaminsky DNS cache poisoning
4537:(findings published in 2010)
3819:Bowes, Ron (21 April 2009),
3725:Greene, Tim (31 July 2009),
2704:Downadup: Locking Itself Out
2628:Park, John (27 March 2009),
2339:Leyden, John (1 July 2009).
2103:. Government Computer News.
1875:Virus strikes 15 million PCs
385:
269:
7:
4113:
2820:W32.Downadup.C Bolsters P2P
1566:, Microsoft, 9 April 2009,
1493:
1166:
1107:
1010:with the 512-bit hash as a
989:
658:Does an in-memory patch of
655:Blocks certain DNS lookups
10:
5135:
1476:
1436:Automated remote detection
828:on computers visible over
735:Blocks certain DNS lookups
607:Blocks certain DNS lookups
532:Blocks certain DNS lookups
238:
5066:
5040:
5014:
4983:
4957:
4926:
4885:
4869:
4838:
4817:
4808:
4775:
4749:
4733:
4634:
4554:
4522:
4491:
4470:
4454:
4432:
4425:
4396:
4297:
4121:
2432:"Propagation by AutoPlay"
2190:"Propagation by AutoPlay"
2131:, Microsoft Corporation,
1520:Zombie (computer science)
1515:Network Access Protection
1375:
1162:User accounts locked out.
938:, over which it can push
376:Greater Manchester Police
252:term "configure" and the
156:
151:
141:
132:
101:Win32.Worm.Downadup.Gen (
39:
34:
3133:. Sophos. Archived from
2529:An Analysis of Conficker
1791:. BBC. 20 January 2009.
1588:BetaFred (8 June 2023).
1207:, ISC, researchers from
1052:Windows Automatic Update
380:Police National Computer
353:On 2 February 2009, the
87:Net-Worm.Win32.Kido.bt (
4514:US military cyberattack
4504:Cyberattacks on Georgia
4478:Cyberattacks on Estonia
4029:Conficker Working Group
3499:, ZDNet, archived from
1137:Windows Error Reporting
1064:Windows Error Reporting
1056:Windows Security Center
243:
4509:Sarah Palin email hack
887:every day across five
304:Windows Server 2008 R2
4649:Jeanson James Ancheta
3672:Jak działa Conficker?
3408:The neverending story
2045:, IP Communications,
1615:"CVE - CVE-2008-4250"
1411:Removal and detection
1151:Web sites related to
563:Dictionary attack on
491:Dictionary attack on
374:In January 2010, the
5114:Hacking in the 2000s
4483:Operation: Bot Roast
4391:Hacking in the 2000s
4345:Operation: Bot Roast
3916:on 26 September 2010
3191:Containing Conficker
1427:Third-party software
1014:. The hash is then
963:peer-to-peer network
934:Variant C creates a
909:(ICANN) and several
452:trafficconverter.biz
94:W32/Conficker.worm (
5109:Exploit-based worms
4039:Conficker Eye Chart
3973:, 29 January 2009,
3860:on 17 December 2012
3766:, 11 January 2005,
3534:on 15 February 2009
3387:on 17 December 2012
3288:The Washington Post
2938:on 17 December 2012
2903:on 14 February 2009
2831:on 17 December 2012
2752:on 17 December 2012
2715:on 17 December 2012
2536:on 14 February 2009
2407:. 2 February 2010.
1945:, Microsoft, 2010,
1912:, Microsoft, 2011,
1882:, 26 January 2009,
1715:(22 January 2009).
1594:learn.microsoft.com
1459:are now available.
1382:Black Hat Briefings
1096:SpyProtect 2009, a
867:Payload propagation
793:request to force a
741:Kills anti-malware
738:Disables AutoUpdate
676:Kills anti-malware
673:Disables AutoUpdate
610:Disables AutoUpdate
535:Disables AutoUpdate
416:Update propagation
300:Windows Server 2008
296:Windows Server 2003
177:Windows 2008 Server
169:Windows 2003 Server
59:Win32/Conficker.A (
52:Win32/Conficker.A (
4446:Operation Firewall
4335:Man-in-the-browser
4078:"The Enemy Within"
3739:on 27 January 2010
3703:, Digital Threat,
3196:University of Bonn
3137:on 21 January 2009
3112:on 13 January 2013
2997:The Downadup Codex
2603:on 31 January 2010
2482:The New York Times
2439:The Downadup Codex
2197:The Downadup Codex
2067:Phillips, Joshua,
2014:The New York Times
1722:The New York Times
1645:The New York Times
1450:reverse-engineered
1329:On 31 March 2009,
1307:On 30 March 2009,
1289:On 24 March 2009,
1153:antivirus software
1143:Domain controllers
1119:Certain Microsoft
967:obfuscated in code
944:local area network
212:dictionary attacks
5096:
5095:
5092:
5091:
4574:associated events
4550:
4549:
4499:Project Chanology
4420:
4419:
4358:
4357:
4325:Internet security
4076:magazine article
4004:, 30 March 2009,
3941:. 27 March 2009.
3884:, SkullSecurity,
3825:, SkullSecurity,
3229:, 11 March 2009,
3222:Win32/Conficker.C
2476:(19 March 2009),
1467:broadcast domains
1260:
1259:
1125:Automatic Updates
902:from those of A.
834:dictionary attack
784:Initial infection
781:
780:
412:Infection vectors
205:Microsoft Windows
182:
181:
152:Technical details
45:Mal/Conficker-A (
16:(Redirected from
5126:
4815:
4814:
4666:str0ke (milw0rm)
4535:Operation Aurora
4430:
4429:
4399:
4398:
4385:
4378:
4371:
4362:
4361:
4340:Network security
4305:Browser security
4108:
4101:
4094:
4085:
4084:
4017:
4016:
4015:
4013:
3992:
3986:
3985:
3984:
3982:
3961:
3955:
3954:
3952:
3950:
3931:
3925:
3924:
3923:
3921:
3903:
3897:
3896:
3895:
3893:
3875:
3869:
3868:
3867:
3865:
3844:
3838:
3837:
3836:
3834:
3816:
3810:
3809:
3808:
3806:
3785:
3779:
3778:
3777:
3775:
3754:
3748:
3747:
3746:
3744:
3735:, archived from
3722:
3716:
3715:
3714:
3712:
3694:
3688:
3687:
3686:
3684:
3666:
3660:
3659:
3658:
3656:
3634:
3628:
3627:
3626:
3624:
3607:
3601:
3600:
3599:
3597:
3592:on 29 April 2009
3576:
3570:
3569:
3568:
3566:
3549:
3543:
3542:
3541:
3539:
3518:
3512:
3511:
3510:
3508:
3503:on 19 March 2009
3490:
3484:
3483:
3481:
3479:
3460:
3454:
3453:
3451:
3449:
3434:
3428:
3427:
3426:
3424:
3402:
3396:
3395:
3394:
3392:
3383:, archived from
3370:
3364:
3363:
3362:
3360:
3342:
3336:
3335:
3334:
3332:
3327:on 22 April 2009
3323:, archived from
3310:
3304:
3303:
3302:
3300:
3291:, archived from
3278:
3269:
3268:
3267:
3265:
3248:
3242:
3241:
3240:
3238:
3217:
3211:
3210:
3209:
3207:
3185:
3179:
3178:
3177:
3175:
3153:
3147:
3146:
3144:
3142:
3127:
3121:
3120:
3119:
3117:
3092:
3086:
3085:
3084:
3082:
3077:on 16 April 2009
3073:, archived from
3060:
3054:
3053:
3052:
3050:
3045:on 17 April 2009
3041:, archived from
3028:
3019:
3018:
3017:
3015:
3009:
2999:(2.0 ed.),
2994:
2985:
2979:
2978:
2977:
2975:
2953:
2947:
2946:
2945:
2943:
2934:, archived from
2921:
2912:
2911:
2910:
2908:
2890:
2873:
2872:
2871:
2869:
2860:, archived from
2851:
2840:
2839:
2838:
2836:
2815:
2804:
2803:
2802:
2800:
2794:
2787:
2776:
2761:
2760:
2759:
2757:
2748:, archived from
2735:
2724:
2723:
2722:
2720:
2711:, archived from
2698:
2689:
2688:
2686:
2684:
2664:
2651:
2650:
2649:
2647:
2625:
2612:
2611:
2610:
2608:
2599:, archived from
2586:
2580:
2579:
2578:
2576:
2571:on 31 March 2009
2567:, archived from
2554:
2545:
2544:
2543:
2541:
2520:
2497:
2496:
2495:
2493:
2470:
2461:
2460:
2459:
2457:
2451:
2436:
2427:
2421:
2420:
2418:
2416:
2397:
2391:
2390:
2389:
2387:
2378:, The Register,
2369:
2363:
2362:
2360:
2358:
2336:
2330:
2329:
2328:
2326:
2321:on 21 March 2009
2309:
2303:
2302:
2301:
2299:
2290:, The Register,
2281:
2275:
2274:
2273:
2271:
2262:, The Register,
2253:
2247:
2246:
2245:
2243:
2225:
2219:
2218:
2217:
2215:
2209:
2194:
2185:
2172:
2171:
2170:
2168:
2159:, The Register,
2150:
2144:
2143:
2142:
2140:
2123:
2117:
2116:
2114:
2112:
2096:
2090:
2089:
2088:
2086:
2064:
2058:
2057:
2056:
2054:
2036:
2030:
2029:
2027:
2025:
2005:
1992:
1991:
1990:
1988:
1979:, 10 June 2015,
1967:
1961:
1960:
1959:
1957:
1951:
1944:
1934:
1928:
1927:
1926:
1924:
1918:
1911:
1901:
1895:
1894:
1893:
1891:
1870:
1864:
1863:
1862:
1860:
1842:
1836:
1835:
1833:
1831:
1811:
1805:
1804:
1802:
1800:
1779:
1773:
1772:
1771:
1769:
1745:
1739:
1738:
1736:
1734:
1709:
1703:
1702:
1701:
1699:
1683:The Enemy Within
1674:
1661:
1660:
1658:
1656:
1636:
1630:
1629:
1627:
1625:
1611:
1605:
1604:
1602:
1600:
1585:
1579:
1578:
1577:
1575:
1558:
1552:
1551:
1540:
1442:Honeynet Project
1255:
1252:
1246:
1239:factual accuracy
1231:
1230:
1223:
1133:Windows Defender
1121:Windows services
1060:Windows Defender
1041:network services
843:of any attached
819:Windows Explorer
767:SpyProtect 2009
695:Conficker E
661:
624:Conficker D
572:Removable media
566:
549:Conficker C
500:Removable media
494:
477:Conficker B
453:
427:Conficker A
402:
401:
369:House of Commons
360:An infection of
326:Impact in Europe
256:pejorative term
208:operating system
187:, also known as
137:
73:W32/Downadup.A (
32:
31:
21:
5134:
5133:
5129:
5128:
5127:
5125:
5124:
5123:
5119:Windows malware
5099:
5098:
5097:
5088:
5062:
5036:
5010:
4979:
4953:
4922:
4881:
4865:
4846:Anna Kournikova
4834:
4804:
4779:
4777:Vulnerabilities
4771:
4745:
4729:
4720:Dmitry Sklyarov
4700:Albert Gonzalez
4630:
4546:
4518:
4487:
4466:
4450:
4421:
4392:
4389:
4359:
4354:
4293:
4122:Notable botnets
4117:
4112:
4025:
4020:
4011:
4009:
3994:
3993:
3989:
3980:
3978:
3963:
3962:
3958:
3948:
3946:
3933:
3932:
3928:
3919:
3917:
3904:
3900:
3891:
3889:
3876:
3872:
3863:
3861:
3846:
3845:
3841:
3832:
3830:
3817:
3813:
3804:
3802:
3801:on 3 April 2009
3787:
3786:
3782:
3773:
3771:
3756:
3755:
3751:
3742:
3740:
3723:
3719:
3710:
3708:
3695:
3691:
3682:
3680:
3679:on 25 July 2011
3667:
3663:
3654:
3652:
3635:
3631:
3622:
3620:
3619:on 27 July 2011
3609:
3608:
3604:
3595:
3593:
3578:
3577:
3573:
3564:
3562:
3561:on 8 April 2009
3551:
3550:
3546:
3537:
3535:
3520:
3519:
3515:
3506:
3504:
3491:
3487:
3477:
3475:
3462:
3461:
3457:
3447:
3445:
3436:
3435:
3431:
3422:
3420:
3403:
3399:
3390:
3388:
3371:
3367:
3358:
3356:
3351:, DarkReading,
3343:
3339:
3330:
3328:
3311:
3307:
3298:
3296:
3279:
3272:
3263:
3261:
3250:
3249:
3245:
3236:
3234:
3219:
3218:
3214:
3205:
3203:
3186:
3182:
3173:
3171:
3154:
3150:
3140:
3138:
3129:
3128:
3124:
3115:
3113:
3094:
3093:
3089:
3080:
3078:
3061:
3057:
3048:
3046:
3029:
3022:
3013:
3011:
3007:
2992:
2986:
2982:
2973:
2971:
2956:Putnam, Aaron,
2954:
2950:
2941:
2939:
2922:
2915:
2906:
2904:
2891:
2876:
2867:
2865:
2864:on 2 April 2009
2852:
2843:
2834:
2832:
2817:
2816:
2807:
2798:
2796:
2795:on 12 June 2010
2792:
2785:
2777:
2764:
2755:
2753:
2736:
2727:
2718:
2716:
2699:
2692:
2682:
2680:
2665:
2654:
2645:
2643:
2626:
2615:
2606:
2604:
2587:
2583:
2574:
2572:
2555:
2548:
2539:
2537:
2521:
2500:
2491:
2489:
2471:
2464:
2455:
2453:
2449:
2434:
2428:
2424:
2414:
2412:
2399:
2398:
2394:
2385:
2383:
2370:
2366:
2356:
2354:
2337:
2333:
2324:
2322:
2311:
2310:
2306:
2297:
2295:
2282:
2278:
2269:
2267:
2254:
2250:
2241:
2239:
2226:
2222:
2213:
2211:
2207:
2192:
2186:
2175:
2166:
2164:
2151:
2147:
2138:
2136:
2125:
2124:
2120:
2110:
2108:
2097:
2093:
2084:
2082:
2065:
2061:
2052:
2050:
2037:
2033:
2023:
2021:
2006:
1995:
1986:
1984:
1969:
1968:
1964:
1955:
1953:
1949:
1942:
1936:
1935:
1931:
1922:
1920:
1916:
1909:
1903:
1902:
1898:
1889:
1887:
1872:
1871:
1867:
1858:
1856:
1843:
1839:
1829:
1827:
1812:
1808:
1798:
1796:
1788:BBC News Online
1781:
1780:
1776:
1767:
1765:
1746:
1742:
1732:
1730:
1710:
1706:
1697:
1695:
1675:
1664:
1654:
1652:
1637:
1633:
1623:
1621:
1613:
1612:
1608:
1598:
1596:
1586:
1582:
1573:
1571:
1560:
1559:
1555:
1542:
1541:
1537:
1533:
1496:
1479:
1438:
1429:
1413:
1378:
1272:
1270:From registries
1256:
1250:
1247:
1244:
1236:This article's
1232:
1228:
1221:
1169:
1110:
1101:rogue antivirus
1076:
1033:
992:
869:
845:removable media
795:buffer overflow
786:
659:
564:
492:
451:
450:Downloads from
408:Detection date
388:
328:
316:removable media
280:network service
272:
246:
241:
232:
122:Worm.Downadup (
28:
23:
22:
15:
12:
11:
5:
5132:
5122:
5121:
5116:
5111:
5094:
5093:
5090:
5089:
5087:
5086:
5081:
5076:
5070:
5068:
5064:
5063:
5061:
5060:
5055:
5050:
5044:
5042:
5038:
5037:
5035:
5034:
5032:Black Energy 1
5029:
5024:
5018:
5016:
5012:
5011:
5009:
5008:
5003:
4998:
4993:
4987:
4985:
4981:
4980:
4978:
4977:
4972:
4967:
4961:
4959:
4955:
4954:
4952:
4951:
4946:
4941:
4936:
4930:
4928:
4924:
4923:
4921:
4920:
4915:
4910:
4905:
4900:
4895:
4889:
4887:
4883:
4882:
4880:
4879:
4873:
4871:
4867:
4866:
4864:
4863:
4858:
4853:
4848:
4842:
4840:
4836:
4835:
4833:
4832:
4827:
4821:
4819:
4812:
4806:
4805:
4803:
4802:
4796:
4790:
4787:Shatter attack
4783:
4781:
4773:
4772:
4770:
4769:
4764:
4759:
4753:
4751:
4750:Hacking forums
4747:
4746:
4744:
4743:
4737:
4735:
4731:
4730:
4728:
4727:
4722:
4717:
4712:
4707:
4702:
4697:
4692:
4687:
4682:
4677:
4672:
4667:
4664:
4661:
4656:
4651:
4646:
4640:
4638:
4632:
4631:
4629:
4628:
4623:
4618:
4613:
4608:
4606:PLA Unit 61398
4603:
4598:
4593:
4588:
4583:
4578:
4577:
4576:
4566:
4560:
4558:
4552:
4551:
4548:
4547:
4545:
4544:
4538:
4532:
4530:Operation Troy
4526:
4524:
4520:
4519:
4517:
4516:
4511:
4506:
4501:
4495:
4493:
4489:
4488:
4486:
4485:
4480:
4474:
4472:
4468:
4467:
4465:
4464:
4458:
4456:
4452:
4451:
4449:
4448:
4443:
4436:
4434:
4427:
4423:
4422:
4418:
4417:
4411:
4406:
4397:
4394:
4393:
4388:
4387:
4380:
4373:
4365:
4356:
4355:
4353:
4352:
4347:
4342:
4337:
4332:
4327:
4322:
4317:
4312:
4310:Computer virus
4307:
4301:
4299:
4295:
4294:
4292:
4291:
4286:
4281:
4276:
4271:
4266:
4261:
4256:
4251:
4246:
4241:
4236:
4231:
4226:
4221:
4216:
4211:
4206:
4201:
4196:
4191:
4186:
4181:
4176:
4171:
4166:
4161:
4156:
4151:
4146:
4141:
4136:
4131:
4125:
4123:
4119:
4118:
4111:
4110:
4103:
4096:
4088:
4082:
4081:
4041:
4036:
4031:
4024:
4023:External links
4021:
4019:
4018:
3987:
3956:
3926:
3898:
3870:
3839:
3811:
3780:
3749:
3717:
3689:
3661:
3629:
3602:
3571:
3544:
3513:
3485:
3455:
3429:
3397:
3365:
3337:
3305:
3295:on 15 May 2011
3270:
3243:
3212:
3180:
3148:
3122:
3087:
3055:
3020:
3003:, p. 47,
2980:
2948:
2913:
2874:
2841:
2805:
2762:
2725:
2690:
2652:
2613:
2581:
2546:
2524:Phillip Porras
2498:
2462:
2422:
2392:
2364:
2331:
2304:
2276:
2248:
2220:
2203:, p. 32,
2173:
2145:
2118:
2091:
2059:
2031:
1993:
1962:
1929:
1896:
1865:
1837:
1806:
1774:
1740:
1704:
1662:
1631:
1606:
1580:
1553:
1534:
1532:
1529:
1528:
1527:
1522:
1517:
1512:
1507:
1502:
1495:
1492:
1478:
1475:
1469:for repeating
1437:
1434:
1428:
1425:
1412:
1409:
1377:
1374:
1370:
1369:
1346:
1327:
1305:
1298:
1287:
1271:
1268:
1258:
1257:
1235:
1233:
1226:
1220:
1219:From Microsoft
1217:
1197:America Online
1168:
1165:
1164:
1163:
1160:
1157:Windows Update
1149:
1146:
1140:
1117:
1109:
1106:
1105:
1104:
1094:
1075:
1072:
1048:System Restore
1032:
1029:
991:
988:
987:
986:
959:
947:
932:
931:
930:
896:
868:
865:
857:
856:
837:
822:
785:
782:
779:
778:
777:
776:
773:
772:
771:
765:
754:
749:
748:
747:
746:
745:
739:
736:
731:
730:
729:
728:
727:
723:P2P push/pull
721:
720:
719:
711:
710:
709:
708:
707:
699:
696:
692:
691:
690:
689:
684:
683:
682:
681:
680:
674:
671:
665:
664:
663:
651:
650:
649:
648:
647:
643:P2P push/pull
641:
640:
639:
631:
628:
625:
621:
620:
619:
618:
613:
612:
611:
608:
603:
602:
601:
600:
599:
596:
590:
589:
588:
580:
579:
578:
577:
576:
570:
569:
568:
561:
553:
550:
546:
545:
544:
543:
538:
537:
536:
533:
528:
527:
526:
525:
524:
518:
517:
516:
508:
507:
506:
505:
504:
498:
497:
496:
489:
481:
478:
474:
473:
472:
471:
466:
461:
460:
459:
458:
457:
454:
443:
442:
441:
440:
439:
431:
428:
424:
423:
420:
417:
414:
409:
406:
387:
384:
330:Intramar, the
327:
324:
320:network shares
282:(MS08-067) on
271:
268:
245:
242:
240:
237:
231:
228:
203:targeting the
180:
179:
158:
154:
153:
149:
148:
143:
139:
138:
130:
129:
128:
127:
120:
113:
106:
99:
92:
85:
78:
71:
66:W32.Downadup (
64:
57:
50:
41:
40:Technical name
37:
36:
26:
18:Conficker worm
9:
6:
4:
3:
2:
5131:
5120:
5117:
5115:
5112:
5110:
5107:
5106:
5104:
5085:
5082:
5080:
5077:
5075:
5072:
5071:
5069:
5065:
5059:
5056:
5054:
5051:
5049:
5046:
5045:
5043:
5039:
5033:
5030:
5028:
5025:
5023:
5020:
5019:
5017:
5013:
5007:
5004:
5002:
4999:
4997:
4994:
4992:
4989:
4988:
4986:
4982:
4976:
4973:
4971:
4968:
4966:
4963:
4962:
4960:
4956:
4950:
4947:
4945:
4942:
4940:
4937:
4935:
4932:
4931:
4929:
4925:
4919:
4916:
4914:
4911:
4909:
4906:
4904:
4901:
4899:
4896:
4894:
4891:
4890:
4888:
4884:
4878:
4875:
4874:
4872:
4868:
4862:
4859:
4857:
4854:
4852:
4849:
4847:
4844:
4843:
4841:
4837:
4831:
4828:
4826:
4823:
4822:
4820:
4816:
4813:
4811:
4807:
4800:
4797:
4794:
4791:
4788:
4785:
4784:
4782:
4778:
4774:
4768:
4765:
4763:
4760:
4758:
4755:
4754:
4752:
4748:
4742:
4739:
4738:
4736:
4732:
4726:
4723:
4721:
4718:
4716:
4713:
4711:
4708:
4706:
4703:
4701:
4698:
4696:
4693:
4691:
4688:
4686:
4683:
4681:
4678:
4676:
4673:
4671:
4668:
4665:
4662:
4660:
4657:
4655:
4652:
4650:
4647:
4645:
4642:
4641:
4639:
4637:
4633:
4627:
4624:
4622:
4621:World of Hell
4619:
4617:
4614:
4612:
4609:
4607:
4604:
4602:
4599:
4597:
4594:
4592:
4589:
4587:
4584:
4582:
4579:
4575:
4572:
4571:
4570:
4567:
4565:
4562:
4561:
4559:
4557:
4553:
4542:
4539:
4536:
4533:
4531:
4528:
4527:
4525:
4521:
4515:
4512:
4510:
4507:
4505:
4502:
4500:
4497:
4496:
4494:
4490:
4484:
4481:
4479:
4476:
4475:
4473:
4469:
4463:
4460:
4459:
4457:
4453:
4447:
4444:
4441:
4438:
4437:
4435:
4431:
4428:
4424:
4416: →
4415:
4412:
4410:
4407:
4405:
4402:←
4401:
4400:
4395:
4386:
4381:
4379:
4374:
4372:
4367:
4366:
4363:
4351:
4348:
4346:
4343:
4341:
4338:
4336:
4333:
4331:
4328:
4326:
4323:
4321:
4318:
4316:
4315:Computer worm
4313:
4311:
4308:
4306:
4303:
4302:
4300:
4298:Main articles
4296:
4290:
4287:
4285:
4282:
4280:
4277:
4275:
4272:
4270:
4267:
4265:
4262:
4260:
4257:
4255:
4252:
4250:
4247:
4245:
4242:
4240:
4237:
4235:
4232:
4230:
4227:
4225:
4222:
4220:
4217:
4215:
4212:
4210:
4207:
4205:
4202:
4200:
4197:
4195:
4192:
4190:
4187:
4185:
4182:
4180:
4177:
4175:
4172:
4170:
4167:
4165:
4162:
4160:
4157:
4155:
4152:
4150:
4147:
4145:
4142:
4140:
4137:
4135:
4132:
4130:
4127:
4126:
4124:
4120:
4116:
4109:
4104:
4102:
4097:
4095:
4090:
4089:
4086:
4079:
4075:
4071:
4067:
4066:
4061:
4057:
4056:0-8021-1983-2
4053:
4049:
4045:
4042:
4040:
4037:
4035:
4032:
4030:
4027:
4026:
4007:
4003:
3999:
3998:
3991:
3976:
3972:
3968:
3967:
3960:
3944:
3940:
3936:
3930:
3915:
3911:
3910:
3902:
3887:
3883:
3882:
3874:
3859:
3855:
3851:
3850:
3843:
3828:
3824:
3823:
3815:
3800:
3796:
3792:
3791:
3784:
3769:
3765:
3761:
3760:
3753:
3738:
3734:
3733:Network World
3730:
3729:
3721:
3706:
3702:
3701:
3693:
3678:
3674:
3673:
3665:
3650:
3646:
3642:
3641:
3633:
3618:
3614:
3613:
3606:
3591:
3587:
3583:
3582:
3575:
3560:
3556:
3555:
3548:
3533:
3529:
3525:
3524:
3517:
3502:
3498:
3497:
3489:
3473:
3469:
3465:
3459:
3443:
3439:
3433:
3418:
3414:
3413:Kaspersky Lab
3410:
3409:
3401:
3386:
3382:
3378:
3377:
3369:
3354:
3350:
3349:
3341:
3326:
3322:
3318:
3317:
3309:
3294:
3290:
3289:
3284:
3277:
3275:
3259:
3256:, Microsoft,
3255:
3254:
3247:
3232:
3228:
3224:
3223:
3216:
3201:
3197:
3193:
3192:
3184:
3169:
3165:
3161:
3160:
3152:
3136:
3132:
3126:
3111:
3107:
3103:
3099:
3098:
3097:Cve-2008-4250
3091:
3076:
3072:
3068:
3067:
3059:
3044:
3040:
3039:Computerworld
3036:
3035:
3027:
3025:
3006:
3002:
2998:
2991:
2984:
2969:
2965:
2961:
2960:
2952:
2937:
2933:
2929:
2928:
2920:
2918:
2902:
2898:
2897:
2889:
2887:
2885:
2883:
2881:
2879:
2863:
2859:
2858:
2850:
2848:
2846:
2830:
2826:
2822:
2821:
2814:
2812:
2810:
2791:
2784:
2783:
2775:
2773:
2771:
2769:
2767:
2751:
2747:
2743:
2742:
2734:
2732:
2730:
2714:
2710:
2706:
2705:
2697:
2695:
2678:
2674:
2670:
2663:
2661:
2659:
2657:
2641:
2637:
2633:
2632:
2624:
2622:
2620:
2618:
2602:
2598:
2594:
2593:
2585:
2570:
2566:
2562:
2561:
2553:
2551:
2535:
2531:
2530:
2525:
2519:
2517:
2515:
2513:
2511:
2509:
2507:
2505:
2503:
2487:
2483:
2479:
2475:
2474:Markoff, John
2469:
2467:
2448:
2445:, p. 2,
2444:
2440:
2433:
2426:
2410:
2406:
2402:
2396:
2381:
2377:
2376:
2368:
2352:
2348:
2347:
2342:
2335:
2320:
2316:
2315:
2308:
2293:
2289:
2288:
2280:
2265:
2261:
2260:
2252:
2237:
2233:
2232:
2224:
2206:
2202:
2198:
2191:
2184:
2182:
2180:
2178:
2162:
2158:
2157:
2149:
2134:
2130:
2129:
2122:
2106:
2102:
2095:
2080:
2076:
2072:
2071:
2063:
2048:
2044:
2043:
2035:
2019:
2015:
2011:
2004:
2002:
2000:
1998:
1982:
1978:
1974:
1973:
1966:
1948:
1941:
1940:
1933:
1915:
1908:
1907:
1900:
1885:
1881:
1877:
1876:
1869:
1854:
1850:
1849:
1841:
1825:
1821:
1817:
1810:
1794:
1790:
1789:
1784:
1778:
1763:
1759:
1755:
1751:
1744:
1728:
1724:
1723:
1718:
1714:
1713:Markoff, John
1708:
1693:
1689:
1685:
1684:
1680:(June 2010),
1679:
1673:
1671:
1669:
1667:
1650:
1646:
1642:
1635:
1620:
1619:cve.mitre.org
1616:
1610:
1595:
1591:
1584:
1569:
1565:
1564:
1557:
1549:
1545:
1539:
1535:
1526:
1523:
1521:
1518:
1516:
1513:
1511:
1508:
1506:
1503:
1501:
1498:
1497:
1491:
1488:
1484:
1474:
1472:
1468:
1465:
1460:
1458:
1453:
1451:
1447:
1443:
1433:
1424:
1422:
1417:
1408:
1404:
1401:
1397:
1396:
1390:
1387:
1383:
1373:
1367:
1363:
1359:
1355:
1351:
1347:
1344:
1340:
1336:
1332:
1328:
1325:
1321:
1317:
1314:
1310:
1306:
1303:
1299:
1296:
1292:
1288:
1285:
1281:
1280:
1279:
1277:
1267:
1265:
1254:
1242:
1240:
1234:
1225:
1224:
1216:
1214:
1210:
1206:
1202:
1198:
1194:
1190:
1186:
1182:
1178:
1174:
1161:
1158:
1154:
1150:
1147:
1144:
1141:
1138:
1134:
1130:
1126:
1122:
1118:
1115:
1114:
1113:
1102:
1099:
1095:
1092:
1088:
1084:
1081:
1080:
1079:
1071:
1069:
1065:
1061:
1057:
1053:
1049:
1044:
1042:
1038:
1028:
1025:
1021:
1017:
1013:
1009:
1005:
1001:
997:
985:of each peer.
984:
980:
976:
972:
968:
964:
960:
957:
952:
948:
945:
941:
937:
933:
928:
924:
919:
915:
912:
908:
904:
903:
901:
897:
894:
890:
886:
882:
881:
880:
878:
874:
864:
862:
854:
850:
846:
842:
838:
835:
831:
827:
826:ADMIN$ share
823:
820:
816:
812:
808:
804:
800:
796:
792:
788:
787:
774:
770:
766:
764:
761:
758:
757:
755:
752:
751:
750:
743:
742:
740:
737:
734:
733:
732:
725:
724:
722:
717:
716:
715:NetBIOS push
714:
713:
712:
705:
704:
702:
701:
700:
697:
694:
693:
687:
686:
685:
678:
677:
675:
672:
670:
666:
657:
656:
654:
653:
652:
645:
644:
642:
637:
636:
634:
633:
632:
629:
626:
623:
622:
616:
615:
614:
609:
606:
605:
604:
597:
594:
593:
592:NetBIOS push
591:
586:
585:
583:
582:
581:
574:
573:
571:
562:
559:
558:
556:
555:
554:
551:
548:
547:
541:
540:
539:
534:
531:
530:
529:
522:
521:
520:NetBIOS push
519:
514:
513:
511:
510:
509:
502:
501:
499:
490:
487:
486:
484:
483:
482:
479:
476:
475:
469:
468:
467:
465:
462:
455:
449:
448:
446:
445:
444:
437:
436:
434:
433:
432:
429:
426:
425:
421:
419:Self-defense
418:
415:
413:
410:
407:
404:
403:
400:
396:
393:
383:
381:
377:
372:
370:
365:
363:
358:
356:
351:
349:
345:
341:
336:
333:
323:
321:
317:
312:
309:
305:
301:
297:
293:
292:Windows Vista
289:
285:
281:
277:
276:vulnerability
267:
265:
261:
260:
255:
251:
236:
227:
223:
221:
217:
213:
209:
206:
202:
201:computer worm
198:
194:
190:
186:
178:
174:
173:Windows Vista
170:
166:
162:
159:
155:
150:
147:
144:
140:
136:
131:
125:
121:
118:
115:WORM_DOWNAD (
114:
111:
108:Win32:Confi (
107:
104:
100:
97:
93:
90:
86:
83:
80:Conficker.A (
79:
76:
72:
69:
65:
62:
58:
55:
51:
48:
44:
43:
42:
38:
33:
30:
27:Computer worm
19:
5073:
4975:Sony rootkit
4741:Bluehell IRC
4710:Dan Kaminsky
4705:Sven Jaschan
4350:Trojan horse
4163:
4080:(June 2010).
4073:
4063:
4010:, retrieved
3996:
3990:
3979:, retrieved
3965:
3959:
3947:. Retrieved
3929:
3918:, retrieved
3914:the original
3908:
3901:
3890:, retrieved
3880:
3873:
3862:, retrieved
3858:the original
3848:
3842:
3831:, retrieved
3821:
3814:
3803:, retrieved
3799:the original
3789:
3783:
3772:, retrieved
3758:
3752:
3741:, retrieved
3737:the original
3727:
3720:
3709:, retrieved
3699:
3692:
3681:, retrieved
3677:the original
3671:
3664:
3653:, retrieved
3639:
3632:
3621:, retrieved
3617:the original
3611:
3605:
3594:, retrieved
3590:the original
3580:
3574:
3563:, retrieved
3559:the original
3553:
3547:
3538:22 September
3536:, retrieved
3532:the original
3522:
3516:
3505:, retrieved
3501:the original
3495:
3488:
3476:. Retrieved
3458:
3446:. Retrieved
3432:
3421:, retrieved
3407:
3400:
3389:, retrieved
3385:the original
3375:
3368:
3357:, retrieved
3347:
3340:
3329:, retrieved
3325:the original
3315:
3308:
3297:, retrieved
3293:the original
3286:
3262:, retrieved
3252:
3246:
3235:, retrieved
3221:
3215:
3204:, retrieved
3190:
3183:
3172:, retrieved
3158:
3151:
3139:. Retrieved
3135:the original
3125:
3114:, retrieved
3110:the original
3096:
3090:
3079:, retrieved
3075:the original
3065:
3058:
3047:, retrieved
3043:the original
3033:
3012:, retrieved
2996:
2983:
2972:, retrieved
2958:
2951:
2940:, retrieved
2936:the original
2926:
2905:, retrieved
2901:the original
2895:
2866:, retrieved
2862:the original
2856:
2833:, retrieved
2829:the original
2819:
2797:, retrieved
2790:the original
2781:
2754:, retrieved
2750:the original
2740:
2717:, retrieved
2713:the original
2703:
2681:. Retrieved
2644:, retrieved
2630:
2605:, retrieved
2601:the original
2591:
2584:
2573:, retrieved
2569:the original
2559:
2538:, retrieved
2534:the original
2528:
2490:, retrieved
2481:
2454:, retrieved
2438:
2425:
2413:. Retrieved
2404:
2395:
2384:, retrieved
2374:
2367:
2355:. Retrieved
2346:The Register
2344:
2334:
2323:, retrieved
2319:the original
2313:
2307:
2296:, retrieved
2286:
2279:
2268:, retrieved
2258:
2251:
2240:, retrieved
2230:
2223:
2212:, retrieved
2196:
2165:, retrieved
2155:
2148:
2137:, retrieved
2127:
2121:
2109:. Retrieved
2094:
2083:, retrieved
2069:
2062:
2051:, retrieved
2041:
2034:
2022:. Retrieved
2013:
1985:, retrieved
1971:
1965:
1954:, retrieved
1938:
1932:
1921:, retrieved
1905:
1899:
1888:, retrieved
1874:
1868:
1857:, retrieved
1847:
1840:
1828:. Retrieved
1809:
1797:. Retrieved
1786:
1777:
1766:, retrieved
1753:
1743:
1731:. Retrieved
1720:
1707:
1696:, retrieved
1688:The Atlantic
1682:
1678:Bowden, Mark
1653:. Retrieved
1644:
1634:
1622:. Retrieved
1618:
1609:
1597:. Retrieved
1593:
1583:
1572:, retrieved
1562:
1556:
1538:
1480:
1461:
1454:
1446:peer-to-peer
1439:
1430:
1418:
1414:
1405:
1399:
1393:
1391:
1379:
1371:
1273:
1261:
1248:
1237:
1213:Shadowserver
1209:Georgia Tech
1170:
1111:
1077:
1045:
1040:
1036:
1034:
1031:Self-defense
993:
885:domain names
870:
858:
852:
840:
805:server on a
797:and execute
463:
397:
389:
373:
366:
359:
352:
343:
337:
329:
284:Windows 2000
273:
263:
257:
247:
233:
224:
196:
192:
188:
184:
183:
161:Windows 2000
29:
4893:SQL Slammer
4715:Samy Kamkar
4636:Individuals
4601:Level Seven
4564:Ac1db1tch3z
4543:(2008–2010)
4442:(2003–2006)
4048:Mark Bowden
3981:16 February
3743:28 December
2974:15 February
2597:Trend Micro
1624:7 September
1599:7 September
875:executable
861:svchost.exe
853:autorun.inf
841:recycle.bin
815:svchost.exe
698:2009-04-07
627:2009-03-04
552:2009-02-20
480:2008-12-29
430:2008-11-21
422:End action
344:NavyStar/N*
332:French Navy
308:out-of-band
220:SQL Slammer
117:Trend Micro
103:BitDefender
5103:Categories
4780:discovered
4767:darksun.ws
4762:unkn0wn.eu
4670:Lil Hacker
4616:ShadowCrew
4541:WebcamGate
4440:Titan Rain
4284:ZeroAccess
3448:22 January
3141:16 January
2415:2 February
2298:20 January
2270:20 January
2167:20 January
1987:17 January
1956:1 November
1923:1 November
1859:18 January
1830:16 January
1799:16 January
1531:References
1510:Bot herder
1473:requests.
1251:March 2012
1091:Storm worm
1074:End action
1020:public key
983:IP address
936:named pipe
923:heuristics
914:registries
660:DNSAPI.DLL
635:HTTP pull
584:HTTP pull
512:HTTP pull
447:HTTP pull
362:Manchester
355:Bundeswehr
288:Windows XP
230:Prevalence
165:Windows XP
5074:Conficker
5053:Agent.btz
4581:Avalanche
4569:Anonymous
4426:Incidents
4274:Vulcanbot
4164:Conficker
4065:Fresh Air
3939:Microsoft
3795:Microsoft
3764:Microsoft
3528:Microsoft
3468:Microsoft
2964:Microsoft
2565:Microsoft
2357:10 August
2075:Microsoft
1754:Techworld
1655:27 August
1548:Microsoft
1173:Microsoft
1139:disabled.
1098:scareware
1008:encrypted
981:from the
918:transfers
799:shellcode
769:scareware
669:Safe Mode
667:Disables
386:Operation
348:Sheffield
270:Discovery
185:Conficker
89:Kaspersky
35:Conficker
5079:Koobface
5058:Mariposa
5006:Stration
5001:Clickbot
4965:PGPCoder
4913:Graybird
4851:Code Red
4825:ILOVEYOU
4799:sslstrip
4757:ryan1918
4734:Darknets
4725:Stakkato
4663:Digerati
4659:Dshocker
4626:Sandworm
4596:GhostNet
4409:Timeline
4244:Slenfbot
4209:Mariposa
4194:Koobface
4154:Bredolab
4149:BASHLITE
4074:Atlantic
4006:archived
3975:archived
3949:15 April
3943:Archived
3892:31 March
3886:archived
3864:25 April
3854:Symantec
3833:25 April
3827:archived
3805:30 March
3774:29 March
3768:archived
3705:archived
3683:31 March
3649:archived
3623:27 March
3596:31 March
3565:31 March
3478:3 August
3472:Archived
3442:Archived
3423:13 April
3417:archived
3391:11 April
3381:Symantec
3359:11 April
3353:archived
3331:10 April
3321:Symantec
3299:25 April
3264:30 March
3258:archived
3237:29 March
3231:archived
3200:archived
3168:archived
3116:29 March
3081:10 April
3071:Symantec
3049:10 April
3005:archived
3001:Symantec
2968:archived
2942:10 April
2932:Symantec
2907:29 March
2868:10 April
2825:Symantec
2799:13 April
2746:Symantec
2709:Symantec
2683:25 April
2677:Archived
2673:Symantec
2640:archived
2636:Symantec
2575:30 March
2540:29 March
2492:29 March
2486:archived
2447:archived
2443:Symantec
2409:Archived
2405:BBC News
2386:29 March
2380:archived
2351:Archived
2292:archived
2264:archived
2236:archived
2205:archived
2201:Symantec
2161:archived
2139:15 April
2133:archived
2111:29 March
2105:Archived
2079:archived
2047:archived
2018:Archived
1981:archived
1947:archived
1914:archived
1890:25 March
1884:archived
1853:archived
1824:Archived
1820:F-Secure
1793:Archived
1768:23 April
1762:archived
1733:23 April
1727:Archived
1692:archived
1649:Archived
1574:28 April
1568:archived
1494:See also
1464:sniffing
1360:that no
1350:Guernsey
1205:F-Secure
1201:Symantec
1189:Verisign
1167:Response
1131:(BITS),
1123:such as
1108:Symptoms
1103:product.
1068:resolver
990:Armoring
956:backdoor
900:disjoint
877:payloads
703:NetBIOS
557:NetBIOS
485:NetBIOS
435:NetBIOS
405:Variant
193:Downadup
157:Platform
75:F-Secure
68:Symantec
5084:Waledac
4991:Rustock
4918:Blaster
4898:Welchia
4830:Pikachu
4810:Malware
4680:camZero
4330:Malware
4279:Waledac
4234:Rustock
4224:Metulji
4189:Kelihos
4184:Gumblar
4159:Cutwail
4115:Botnets
4050:(2011;
4012:1 April
3971:US-CERT
3920:2 April
3711:26 June
3655:1 April
3507:1 April
3206:3 April
3174:1 April
3014:19 June
2835:1 April
2756:1 April
2719:3 April
2646:1 April
2607:7 April
2456:1 April
2325:1 April
2242:1 April
2214:1 April
2085:1 April
2053:1 April
2024:30 June
1851:, CNN,
1525:Malware
1487:AutoRun
1477:US CERT
1386:Ukraine
1185:Neustar
1177:Afilias
1155:or the
1087:spambot
1083:Waledac
951:patches
873:pulling
849:AutoRun
830:NetBIOS
763:spambot
760:Waledac
565:ADMIN$
493:ADMIN$
392:malware
262:(engl.
250:English
239:History
199:, is a
171:(SP2),
5048:Asprox
4949:Mydoom
4944:Sasser
4939:NetSky
4877:Simile
4801:(2009)
4795:(2008)
4789:(2002)
4695:diabl0
4690:Cyxymu
4685:Coolio
4654:SilenZ
4556:Groups
4320:Malbot
4264:Torpig
4249:Srizbi
4239:Sality
4214:Mega-D
4204:Lethic
4199:Kraken
4169:Donbot
4139:Asprox
4054:
3645:SWITCH
1698:15 May
1500:Botnet
1400:et al.
1376:Origin
1354:Jersey
1335:Polish
1333:, the
1311:, the
1309:SWITCH
1211:, The
1037:SYSTEM
1000:hashed
979:hashed
567:shares
495:shares
302:, and
264:fucker
259:Ficker
254:German
222:worm.
216:botnet
189:Downup
124:ClamAV
110:avast!
96:McAfee
47:Sophos
5022:Storm
4934:Bagle
4908:Gruel
4903:Sobig
4856:Nimda
4644:AKill
4591:0x1fe
4414:2010s
4404:1990s
4269:Virut
4259:TDL-4
4254:Storm
4229:Nitol
4219:Mirai
4174:Festi
4144:Bagle
4134:Akbot
3164:ICANN
3008:(PDF)
2993:(PDF)
2793:(PDF)
2786:(PDF)
2450:(PDF)
2435:(PDF)
2208:(PDF)
2193:(PDF)
1977:ZDNet
1950:(PDF)
1943:(PDF)
1917:(PDF)
1910:(PDF)
1384:that
1316:ccTLD
1313:Swiss
1264:$ USD
1181:ICANN
996:SHA-1
630:None
464:None
311:patch
278:in a
82:Panda
5067:2009
5041:2008
5027:ZeuS
5015:2007
4996:ZLOB
4984:2006
4970:Samy
4958:2005
4927:2004
4886:2003
4870:2002
4861:Klez
4839:2001
4818:2000
4675:BadB
4586:GNAA
4523:2009
4492:2008
4471:2007
4455:2005
4433:2004
4289:Zeus
4179:Grum
4052:ISBN
4014:2009
3983:2009
3951:2009
3922:2009
3894:2009
3866:2009
3835:2009
3807:2009
3776:2009
3745:2009
3713:2009
3685:2009
3657:2009
3625:2009
3598:2009
3586:CIRA
3567:2009
3540:2009
3509:2009
3480:2009
3450:2009
3425:2009
3393:2009
3361:2009
3333:2009
3301:2009
3266:2009
3239:2009
3208:2009
3176:2009
3143:2009
3118:2009
3083:2009
3051:2009
3016:2009
2976:2015
2944:2009
2909:2009
2870:2009
2837:2009
2801:2009
2758:2009
2721:2009
2685:2009
2648:2009
2609:2009
2577:2009
2542:2009
2494:2009
2458:2009
2417:2010
2388:2009
2359:2017
2327:2009
2300:2009
2272:2009
2244:2009
2216:2009
2169:2009
2141:2009
2113:2009
2087:2009
2055:2009
2026:2019
1989:2017
1958:2011
1925:2011
1892:2009
1861:2009
1832:2009
1801:2009
1770:2009
1735:2009
1700:2010
1657:2009
1626:2023
1601:2023
1576:2009
1481:The
1358:IANA
1352:and
1343:DDoS
1331:NASK
1322:and
1291:CIRA
1135:and
1085:, a
1062:and
1002:and
940:URLs
889:TLDs
807:port
803:HTTP
338:The
318:and
244:Name
197:Kido
195:and
146:Worm
142:Type
54:ESET
4611:RBN
4129:3ve
4070:NPR
4068:on
4058:);
4046:by
1880:UPI
1758:IDG
1471:ARP
1366:.je
1364:or
1362:.gg
1339:.pl
1324:.li
1320:.ch
1302:.pa
1295:.ca
1284:.cl
1276:TLD
1024:MD6
1016:RSA
1012:key
1004:RC4
975:TCP
971:UDP
911:TLD
811:DLL
791:RPC
5105::
4000:,
3969:,
3937:.
3852:,
3793:,
3762:,
3731:,
3647:,
3643:,
3584:,
3526:,
3470:.
3466:.
3415:,
3411:,
3379:,
3319:,
3285:,
3273:^
3227:CA
3225:,
3198:,
3166:,
3162:,
3104:,
3100:,
3069:,
3037:,
3023:^
2995:,
2966:,
2962:,
2930:,
2916:^
2877:^
2844:^
2823:,
2808:^
2765:^
2744:,
2728:^
2707:,
2693:^
2675:.
2671:.
2655:^
2638:,
2634:,
2616:^
2595:,
2563:,
2549:^
2501:^
2484:,
2480:,
2465:^
2441:,
2437:,
2403:.
2349:.
2343:.
2199:,
2195:,
2176:^
2077:,
2073:,
2016:.
2012:.
1996:^
1975:,
1878:,
1822:.
1818:.
1785:.
1760:,
1756:,
1752:,
1725:.
1719:.
1690:,
1686:,
1665:^
1647:.
1643:.
1617:.
1592:.
1546:.
1203:,
1199:,
1191:,
1187:,
1183:,
1179:,
1175:,
1127:,
1058:,
1054:,
1043:.
298:,
294:,
290:,
286:,
191:,
175:,
167:,
163:,
61:CA
4384:e
4377:t
4370:v
4107:e
4100:t
4093:v
3953:.
3482:.
3452:.
3145:.
2687:.
2419:.
2361:.
2115:.
2028:.
1834:.
1803:.
1737:.
1659:.
1628:.
1603:.
1550:.
1253:)
1249:(
1243:.
1006:-
998:-
958:.
946:.
855:.
126:)
119:)
112:)
105:)
98:)
91:)
84:)
77:)
70:)
63:)
56:)
49:)
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.