If you have a Windows PC, do you have a virus scanner on it? Are you sure it is working?

Our Virus guys (well, anti-virus actually :-) ) thought their software was working correctly, but because of the DNS logging I installed, I was able to prove that there was something wrong nevertheless.

Looking at those logs, I see DNS queries for domains such as wllntjmv.org, tbskpqrsn.org, mtntdjlfkcv.org, etc. Hundreds of them. Whom do they belong to? Let’s see:

    $ whois mtntdjlfkcv.org
    Registrant Name:Conficker Cabal
    Admin Name:Conficker Cabal

My first thought is: boy, are they cheeky, registering their domains under the name “Conficker Cabal”. ;-)

In fact, Conficker Cabal is an alliance to combat Conficker, the savage Windows worm.

Case in point, however, is that I’m right. Those PCs are infected with the Conficker worm, and that’s it.

As to why the AV-scanner doesn’t find it? No idea, but I’m sure somebody is looking into the situation, at least I hope they are.
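The check described above, finding clients that look up many random-looking names, can be sketched as follows. This is an added example, not code from the original post; the BIND-style log layout, the sample lines, the client addresses and the mostly-consonants heuristic (tuned to the vowel-free names quoted above) are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in a BIND-style query-log layout (an assumption; the
# post does not say which DNS server produced its logs).
SAMPLE_LOG = """\
02-Sep-2009 10:15:01.101 client 10.0.0.23#51001: query: wllntjmv.org IN A +
02-Sep-2009 10:15:01.340 client 10.0.0.23#51002: query: tbskpqrsn.org IN A +
02-Sep-2009 10:15:02.015 client 10.0.0.23#51003: query: mtntdjlfkcv.org IN A +
02-Sep-2009 10:15:02.500 client 10.0.0.40#40211: query: www.example.org IN A +
02-Sep-2009 10:15:03.200 client 10.0.0.40#40212: query: mail.example.com IN MX +
02-Sep-2009 10:15:04.000 client 10.0.0.57#33900: query: rhythm.org IN A +
"""

QUERY_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN ")
VOWELS = set("aeiou")

def looks_generated(name, min_len=5, max_vowel_ratio=0.2):
    """Crude heuristic: the label left of the TLD is mostly consonants."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    label = labels[-2]  # ignores multi-part public suffixes such as co.uk
    if len(label) < min_len or not label.isalpha():
        return False
    vowels = sum(ch in VOWELS for ch in label)
    return vowels / len(label) <= max_vowel_ratio

def suspicious_clients(log_text, threshold=3):
    """Return {client IP: sorted distinct generated-looking names}.

    A single odd name (e.g. rhythm.org) is not enough; a client is only
    reported once it has queried at least `threshold` distinct such names.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and looks_generated(m.group("name")):
            seen[m.group("ip")].add(m.group("name").lower())
    return {ip: sorted(n) for ip, n in seen.items() if len(n) >= threshold}

if __name__ == "__main__":
    for ip, names in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip}: {len(names)} generated-looking names, e.g. {names[0]}")
```

With hundreds of such lookups per infected PC, as in the logs described here, the threshold can be set much higher than in this small sample.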

Software, conficker, and virus :: 02 Sep 2009