If you have a Windows PC, do you have a virus scanner on it? Are you sure it is working?

Our Virus guys (well, anti-virus actually :-) ) thought their software was working correctly, but because of the DNS logging I installed, I was able to prove that there was something wrong nevertheless.

Looking at those logs, I see DNS queries for domains such as wllntjmv.org, tbskpqrsn.org, mtntdjlfkcv.org, etc. Hundreds of them. Whom do they belong to? Let's see:

$ whois mtntdjlfkcv.org
    Domain Name:MTNTDJLFKCV.ORG
    Registrant Name:Conficker Cabal
    ...
    Admin Name:Conficker Cabal
    ...

My first thought is: boy, are they cheeky, registering their domains under the name "Conficker Cabal". ;-)

In fact, Conficker Cabal is an alliance to combat Conficker, the savage Windows worm.

Hmm.

Case in point, however, is that I'm right. Those PCs are infected with the Conficker worm, and that's it.

As to why the AV-scanner doesn't find it? No idea, but I'm sure somebody is looking into the situation, at least I hope they are.
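
The log check described above can be automated. The following is an added example, not code from the original post: it counts, per client, the distinct random-looking names queried and reports clients above a threshold. The "client name" log format, the sample lines, the vowel-ratio heuristic (modelled on the three names quoted in the post) and all function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified "client query-name" format (assumption:
# real resolver logs differ, so adapt LINE_RE to your own logging format).
SAMPLE_LOG = """\
10.0.0.5 wllntjmv.org
10.0.0.5 tbskpqrsn.org
10.0.0.5 mtntdjlfkcv.org
10.0.0.5 www.example.com
10.0.0.7 www.example.com
10.0.0.7 mail.example.org
10.0.0.7 rhythms.example
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)$")
VOWELS = set("aeiou")


def looks_generated(domain, min_len=7, max_vowel_ratio=0.2):
    """Heuristic only: the label left of the TLD is long-ish, purely
    alphabetic and almost vowel-free, like the names quoted in the post."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    label = labels[-2]  # naive choice; does not handle suffixes like co.uk
    if len(label) < min_len or not label.isalpha():
        return False
    return sum(c in VOWELS for c in label) / len(label) <= max_vowel_ratio


def suspicious_clients(log_text, min_distinct=3):
    """Return {client: sorted names} for clients that queried at least
    min_distinct different generated-looking names. A single odd name
    (rhythms.example above) is not enough to flag a client."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and looks_generated(m.group(2)):
            seen[m.group(1)].add(m.group(2).lower().rstrip("."))
    return {c: sorted(d) for c, d in seen.items() if len(d) >= min_distinct}


if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_LOG).items():
        print(client, len(names), ", ".join(names))
```

A hit from a check like this is a lead for whois and host inspection, as done above, not proof of infection on its own.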

Software, conficker, and virus :: 02 Sep 2009 :: e-mail
