Conficker "C"

Are we secure against the worm Conficker "C"?
Sounds a stupid question, I know, but this latest onslaught sounds like it could be a real problem.
Thanks and Regards

A good question, I was hoping this was dealt with by now:
http://malwareresearchgroup.com/?p=358

Interesting report James.
I would hope that by now (v.8) deals with the problem.
I would also expect some comment from the developers.
From what I have read about Conficker “C”, it is going to be a very serious problem for networks and the like.
Regards

This is what I am talking about.

An answer would be appreciated.
Thank you.

Still no answer?

Not sure if you took a look at the CIS version, but they tested it with .439 and .477 was released some time ago now…

Conficker C has been known since 11 Mar 2009, so I think there should be a signature for it, but I’m not 100% sure.

Any comment from the developers?

I’ve seen some Conficker entries on the update database page, so I guess we’re safe. I know we are against Conficker.B :slight_smile:

Xan

D+ stops it for sure!! Proved by egemen somewhere in the forum.

I read that too… If I remember correctly, D+ even warned of “malicious behavior” (a really strong alert) if Conficker is trying to run… =)

I am much obliged,
thank you.

Yep, it says something like behavior or heuristics or something really cool!!

:comodorocks:

I’ve been reading this forum for quite some time now, and have now decided to write something… I wanted to clarify some points; I felt the need for clarity.

Hope you guys don’t mind.

And? I’m sure you, I, and other people would be able to interpret a given alert from Defense+, which could be for Conficker/Downadup, new version, aka Conficker.C.

But what most people want is for their security solution to stop it (and others) by detecting the malware, and not by some action, which could say anything like: Ad-aware.exe is attempting to …

People’s reaction: Oh, it’s Ad-aware… Let’s allow it. BOOM!

I wouldn’t be surprised if Defense+ even said it’s unknown (I know for a fact it says unknown). A lot of legitimate applications are unknown, as far as Defense+ is concerned.

Follow my reasoning here?

Defense+, and other HIPS I’ve worked with, and still work with, are not the solution for the masses. Sorry, but they aren’t.
Very cautious people would fall for a very simple trick, such as the one I’ve mentioned above.

If we were talking about 0-day malware, then most people would become infected, either by not running a HIPS or by running a HIPS advised by someone else, but which they do not know how to work with.

The reality is, we’re talking about already known malware, and if COMODO AV doesn’t detect it, then they should hurry and make such detection available, no?

Saying that Defense+ has been proven to intercept it, in a test done by someone who knows how to interpret alerts, isn’t a fair deal, in my most honest opinion.

I wonder, if I put it to the test with hundreds of people, wired them all up on a network, and told them:

  • I’m gonna get in your systems and alerts will be given. Not all is bad, nor all is good. The ultimate decision is yours. Choose wisely.

What would the end result be?

It could happen that a very restricted number know what they’re dealing with. But the higher % wouldn’t, and given my warning, they would either allow or block all.

Let’s not make a HIPS what it is not: the ultimate solution for the masses.

Take care

Here we go again. If you look at the messages posted of D+ preventing Conficker from running, you will actually see the word MALWARE!!! Even my 3-year-old son will click BLOCK!

Yes, it does. Still, it also tags perfectly legitimate applications as malware, due to the heuristics thing.

So, what?

Wouldn’t, in a situation like that, some user just allow it? After all, don’t forget, we could be talking about some warning mentioning Ad-aware, Spybot.exe, Avira, Avast… whatever. And it could happen that, hey, the user does have it installed on the system, and someone told him/her that Defense+ could give such a warning for safe applications.

And, in Ad-aware’s case, Defense+ doesn’t recognize it as a known application. Meaning it won’t check whether it’s indeed Ad-aware or not. It will just alert. Who says it isn’t? Who says it is?

Conficker B and C detected by the AV last night with DB revision 1082. It reports it (from memory) as malware with the name “kido”, which several AV firms (including Comodo) are using to denote the Conficker family.

Ewen :slight_smile:

Yep, unfortunately what you’ve posted makes sense. My girlfriend’s PC was infected because she didn’t know how to react to the “unknown” (not malware) alert. D+ worked, but the alert wasn’t clear enough.

One more time …

Conficker B and C were detected by the AV (not Defense+) last night with DB revision 1082. It reports it (from memory) as malware with the name “kido”, which several AV firms (including Comodo) are using to denote the Conficker family.

Ewen :slight_smile: