Win32/Conficker Botnet Baffles Researchers

Microsoft released an urgent patch for it in October, warning that hackers could take advantage of a remote code vulnerability that existed on the windows systems due to the fact that it could not handle specially crafted RPC requests. The Gimmiv.A trojan that manipulates the vulnerability in the server service of the windows system can already be found on quite a few servers and desktops.

Specially designed to steal passwords and system information from infected PC's, the Gimmiv.A trojan would communicate the stolen information to a remote server in an encrypted format. Once that is done the remote server would in turn send the files back to the infected PC in order expand the distribution of the trojan.

The latest worm/trojan identified that can efficiently manipulate the windows vulnerability goes by the name of Win32/Conficker. Other internet security companies have different names for it, for instance Symantec calls it Downadup and Trend Micro calls it Downad.a. Of late this particular worm/trojan has been responsible for the creation of a fast growing botnet.

Researchers estimate that the Win32/Conficker botnet has already infected over half a million users. This might not seem like much right now but considering the fact that it took a short three weeks to accumulate that number of bots, this botnet is pretty incredible. Researchers are afraid that this botnet is still to recruit many more bots and it's consistency has left them baffled.

Analyst believe that the cause of the rapid distribution of the Win32/Conficker botnet is largely due to the fact that computers are not being updating with the latest security software. Computer users need to understand the importance of regularly updating your software, yes it might be expensive to regularly update your software but it will be even more costly to get your life back together once you've been hit by a botnet attack!