Wednesday, April 1, 2009

clamav detects conficker

Taken from http://www.clamav.net/2009/01/29/conficker-aka-downadup/

Some of you may have heard of a current major outbreak of a virus known as Downadup that has been reported at http://news.bbc.co.uk/1/hi/technology/7842013.stm and http://news.bbc.co.uk/1/hi/technology/7832652.stm. It has been estimated that move than 9 million PCs are infected across the world.

ClamAV detects Downadup, also known as Conficker, as Worm.Downadup. Once on a system it downloads components that ClamAV detects as members of the Trojan.Downloader- family of signatures.

The virus primarily exploits MS08-067; it can also spread through USB sticks. Since the virus is not spread by email we don’t expect to see much activity in our core user-base, which tends to use ClamAV to scan emails. We are, nevertheless, keeping an eye out for it through freshclam’s statistics gathering system – we are yet to see any obvious spike of activity from it. If we hear anything we’ll let you know.


No comments: