Malware type: Worm

Aliases: Net-Worm.Win32.Kido.dam.y (Kaspersky), W32/Conficker.worm (McAfee), W32.Downadup (Symantec), Worm/Conficker.AC (Avira), W32/Downldr2.EXAE (exact) (F-Prot), Worm:Win32/Conficker.A (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 2000, XP, Server 2003, Vista

Encrypted: No

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview

This .DLL worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may also arrive bundled with malware packages as a malware component.

It is a file stored in the Windows system folder and is capable of exporting functions used by other malware.

Once executed, it connects to certain Web sites to download possibly malicious files. It resolves the host name by attempting to obtain the machine's IP address by accessing certain URLs.

This worm also propagates by taking advantage of a vulnerability discovered in certain Microsoft operating systems that could allow remote code execution if an affected system received a specially crafted RPC request. More information on the said vulnerability can be found in the following link:

• Server Service Vulnerability

For additional information about this threat, see:
Solution
Technical Details

Description created: Nov. 24, 2008 2:59:58 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.