Talk:Conficker/Archive 1

Operation
'It then connects to a server, where it receives further orders to propagate, gather personal information, and downloads and installs additional malware onto the victim's computer.' I was under the impression that Conficker currently only propagated itself and listened for further instructions from specific channels on what the botnet should do, and that such a message has not been sent yet? The way this sentence is phrased it makes it sound like Conficker has been sent the signal already. Has it actually been activated yet? 134.173.66.81 (talk) 22:00, 25 January 2009 (UTC)
 * It must have been activated for it to do the damage it has done overseas already. My May 2009 edition of PC Advisor claimed that the worm was simply lying in wait, but this isn't true. The worm generates a fresh list of about 250 random domain names daily and then checks those domains for instructions. When researchers started studying the worm's behavior, they realised it was registering about 2,000 sites a week. The article doesn't half explain the seriousness of the Conficker. The truth is, the Conficker has the potential to reprogram a network, allowing this cybergroup to use the computers they infect for their own nefarious purposes. I just look forward to Microsoft catching these guys and/or girls. Refreshments (talk) 16:10, 19 March 2009 (UTC)
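
The domain-checking behaviour described in the comment above gives defenders something to look for in DNS resolver logs. The following is an added example, not part of the original discussion: it flags any client that fails to resolve an unusually large number of distinct names in one day. The log format, the two thresholds and the sample data are assumptions, as is the premise that most generated names are unregistered and therefore return NXDOMAIN.

```python
from collections import defaultdict

# Assumed thresholds. The comment above quotes about 250 generated names a
# day; alerting at 100 still catches a host that was online part of the day.
MIN_FAILED_NAMES = 100
MIN_FAILED_RATIO = 0.8  # share of the client's distinct names that failed


def parse_line(line):
    """Parse 'ISO-timestamp client qname rcode' (constructed log format)."""
    parts = line.split()
    if len(parts) != 4:
        return None  # tolerate truncated or malformed lines
    timestamp, client, qname, rcode = parts
    return timestamp[:10], client, qname.rstrip(".").lower(), rcode.upper()


def find_suspect_clients(lines, min_failed=MIN_FAILED_NAMES,
                         min_ratio=MIN_FAILED_RATIO):
    """Return (day, client, distinct_failed, failed_ratio) for noisy clients."""
    names = defaultdict(lambda: {"failed": set(), "all": set()})
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        day, client, qname, rcode = record
        bucket = names[(day, client)]
        bucket["all"].add(qname)
        if rcode == "NXDOMAIN":
            bucket["failed"].add(qname)

    alerts = []
    for (day, client), bucket in sorted(names.items()):
        failed = len(bucket["failed"])
        ratio = failed / len(bucket["all"])
        # Count distinct names, not queries: retries must not inflate the score.
        if failed >= min_failed and ratio >= min_ratio:
            alerts.append((day, client, failed, round(ratio, 2)))
    return alerts


def build_sample_log():
    """Constructed sample: one noisy client, one ordinary client."""
    day = "2009-03-19"
    lines = []
    for i in range(250):  # 250 distinct names that do not resolve
        name = f"q{i:03d}z{(i * 37) % 1000:03d}.example"
        lines.append(f"{day}T03:{i % 60:02d}:00Z 10.0.0.23 {name} NXDOMAIN")
    for i in range(50):  # the same client retrying names it already tried
        name = f"q{i:03d}z{(i * 37) % 1000:03d}.example"
        lines.append(f"{day}T04:{i:02d}:00Z 10.0.0.23 {name} NXDOMAIN")
    for i in range(5):  # a little ordinary traffic from the same client
        lines.append(f"{day}T09:0{i}:00Z 10.0.0.23 site{i}.example NOERROR")
    for i in range(40):  # ordinary client: mostly successful lookups
        lines.append(f"{day}T10:{i:02d}:00Z 10.0.0.7 site{i}.example NOERROR")
    for i in range(3):  # ...plus a few typos
        lines.append(f"{day}T11:0{i}:00Z 10.0.0.7 typo{i}.example NXDOMAIN")
    lines.append("garbled line")
    return lines


if __name__ == "__main__":
    for alert in find_suspect_clients(build_sample_log()):
        print(alert)
```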

Timeline
Since this was first detected in 2008 why is the coverage all in mid Jan 2009? Rich Farmbrough, 11:01 23 January 2009 (UTC).
 * I only heard about this today by reading it in my daily newspaper. I haven't heard about it in any of my usual online news sources. I do remember back in October hearing about Microsoft's big out-of-band release that was highly critical to install to avoid serious problems with predicted malware. I guess that the IT admins generally installed it and forgot about it. Now that it's impacting a lot of non-IT computers, it's being picked up by mainstream media sources. But that's only a guess. It did cause me to go back over all my systems and make sure that everything was protected. Turns out that not everything. Good thing I checked; it never hurts to be reminded about these things. -- Will scrlt  ( Talk ) 14:25, 23 January 2009 (UTC)

Infobox
Hi. I added an infobox to the article, but I am not really familiar with the details of that particular one, so someone who regularly edits malware articles should add the missing information. Thanks. -- Will scrlt  ( Talk ) 14:25, 23 January 2009 (UTC)

Link
Bundeswehr affirmed: one of our servers is infected, some departments are affected:

http://www.bundeswehr.de/portal/a/bwde/streitkraefte?yw_contentURL=/C1256EF4002AED30/W27PED65714INFODE/content.jsp —Preceding unsigned comment added by 88.72.225.151 (talk) 09:39, 12 March 2009 (UTC)

Newsagency dpa: some hundred computers affected: http://computer.t-online.de/c/17/68/25/30/17682530.html —Preceding unsigned comment added by 88.72.225.151 (talk) 11:08, 12 March 2009 (UTC)

Spread of Conficker
The article needs to be more explicit about how Conficker spreads. One line says it can spread by USB flash drives, but did it reach 9 million PCs solely on this vector? Does it spread when the user visits a website, or does it attack passive computers? Is a computer vulnerable behind a NAT router? The graphic titled "spread of conficker" doesn't help; it shows the attack coming by way of an unlabeled white box. Spiel496 (talk) 06:22, 22 January 2009 (UTC)

---Uh, lessee...public and private networks, email attachments, and portable media. Portable media including but not limited to: USB sticks/flash drives, custom burned cd's (and I would presume DVD's as well), and floppies. Which would imply that XBOX systems may be vulnerable, but I haven't heard anything yet about that. Someone else noted that Conficker does not have an .exe file, which is technically correct, and allows for it to travel pretty much however it wants to. Once it's on a system and has a way to get off and spread it usually does. Watch out for McDonald's, hotels, and the ever popular Universities while you're at it. 75.89.166.147 (talk) 16:21, 26 February 2009 (UTC)TiaF

"Win32/Conficker.A avoids infecting Ukrainian located computers" (From Malware Protection Center) maybe this explains where the Virus is from. —Preceding unsigned comment added by 71.177.230.218 (talk) 00:23, 25 March 2009 (UTC)

Conficker versions
According to http://www.cnn.com/2009/TECH/03/24/conficker.computer.worm/index.html and several other articles pulled up through news.google.com, we are currently on Conficker version C, which is the third release and behaves differently in some ways from Conficker.A. Conficker.C doesn't spread through the network like Conficker.A but makes Conficker harder to detect and remove from previous versions. Conficker.B was also released after the Microsoft patch. Some articles also suggest the new Conficker disables some anti-virus services. —Preceding unsigned comment added by Srvfan84 (talk • contribs) 15:09, 24 March 2009 (UTC)
 * And as I said above from the CNN article, it is set to activate April first. --205.202.243.5 (talk) 15:17, 24 March 2009 (UTC) (jakezing)

How to get rid of it
I had Conficker on my computer but the virus scan enterprise seemed to make short work of that! It comes up on my screen as deleted so I don't know, I guess it's been deleted. At the moment I think the best thing to do is to simply not use a U.S.B. while on the internet. Esp. with sites like Wikipedia, which probs is prime targets. Don't save pages off the internet, and if you notice it's taking a long time to save a page like it was with me, it's probably because the computer's infected. If the worm is stealing passwords, substitute emails and passwords ought to be used only. No purchases should be made on the internet (i.m.o). Refreshments (talk) 15:18, 19 March 2009 (UTC)


 * Whether or not you get this virus has nothing to do with what websites you visit, whether or not you save pages from websites, or how long it takes you to save pages. This virus is spread through a buffer overrun vulnerability, which means you could get it from anywhere, anytime, even if you aren't even in your web browser. Yes, portable storage devices are capable of carrying it. But not just any USB device - your keyboard and mouse are fine. If you are infected, don't log onto anything using any passwords or personal information, temporary substitutes or otherwise. If you are infected, do NOT enter any personal information into the computer, in ANY case - web purchase related or not. Coder0xff2 (talk) 03:12, 25 March 2009 (UTC)

Analysis of Conficker
SRI International released this Technical Report, an analysis of variant C. If it has any new information, it may be pertinent. Sephiroth storm (talk) 04:41, 28 March 2009 (UTC)

Origin of the virus
Would it be possible to have some information on where the virus/worm comes from (ie : who created it)? and what they were aiming to do by creating it. 195.25.74.189 (talk) 11:33, 13 March 2009 (UTC)
 * Nobody knows that. There is a $250,000 reward out for that information.  If you have it, feel free to claim your reward.  Chris  lk02  Chris Kreider 13:52, 24 March 2009 (UTC)
 * Man do I wish I knew. If I knew, I think I'd be getting a new car. JeremyWJ (talk) 08:44, 31 March 2009 (UTC)
 * If I knew, I'd be getting a ton of Wii games, the new Pokemon Ranger game, and some other stuff.-69.206.165.64 (talk) —Preceding undated comment added 00:58, 1 April 2009 (UTC).
 * If I knew, I'd be getting a new DS, a Wii, and a dozen games for each. Then I'd donate the rest to some charity or whatever.  *grinning*  See?  I'm nice.  ---Eh.  How do I sign this?  OH like this.  Got it.  Eh...Ermmmm let me try it, here I go.  -Comment added 00:21, 1 April 2009 (UTC).
 * Four tildes(~) make a full signature, while 3 make a shorter signature, also I don't think what we would do with $250,000 is the proper use of the talk page. Kilshin (talk) 17:07, 1 April 2009 (UTC)

How To Remove Conficker
This article and almost every other news article I've seen all fail to give the reader a simple direct link to programs that can remove this virus. That's a pity. 24.16.88.14 (talk) 18:21, 31 March 2009 (UTC)
 * Sorry, but Wikipedia is not a how-to. MuZemike 21:41, 31 March 2009 (UTC)

We added step by step Conficker removal guide, over 25.000 visitors already seen that page and from that clicked 572 to avg.com/free live scan 366 and others. This is what we wrote today few hours ago  —Preceding unsigned comment added by Livecrunch (talk • contribs) 04:17, 1 April 2009 (UTC)

60 Minutes story
On March 22, 60 Minutes ran a story about this virus, led by Leslie Stahl. I've seen some websites critical of her reporting, but I think that being reported on 60 Minutes deserves a mention in the article. Rockingbeat (talk) 19:06, 31 March 2009 (UTC)

Just a heads up, someone just vandalized the main article page today, and I don't know how to report vandalism. Hopefully, if nobody's watching the actual page, people are watching the talk page... 66.192.63.2 (talk) 20:41, 31 March 2009 (UTC)
 * To report persistent vandals, use WP:AIV. However, to warn the vandals, go to history, click on the bugger's talk page and use the appropriate template here (if the link does not work, scroll down until you see a multicoloured table) Montgomery' 39 (talk) 20:01, 1 April 2009 (UTC)

Two external removed due to suspicion
Two external links were removed by me due to suspicion of being fooling pages which may lead one to malicious domains. I had entered one of the links and got directed to a very suspect domain. Fortunately Kaspersky removal tool didn't detect the virus, but I removed those links in order to protect Wikipedia users. Robfbms (talk) 04:58, 1 April 2009 (UTC)
 * You removed the one that helped people step by step removing the Conficker, but I do agree with the one that was confliker...com something, good catch! Livecrunch (talk) 07:31, 1 April 2009 (UTC)

Hoax by TechwareLabs?
Or is this admittance of guilt itself just a joke and not real?

http://www.techwarelabs.com/articles/editorials/conflicker_virus_truth/ 68.209.242.33 (talk) 02:48, 2 April 2009 (UTC)
 * Read the bottom, it says that the article is an April Fools joke. Dreammaker182 06:24, 3 April 2009 (UTC)

Removal
'Linux and Macintosh systems are unaffected as the virus only targets Windows software' present at the bottom of the first block of text. This message is unnecessary and superfluous. The first block of text already explains the nature of the virus and what it targets. 62.245.140.169 (talk) 17:03, 21 January 2009 (UTC)
 * The information is useful and relevant. Please do not remove it again. JohnCD (talk) 17:27, 21 January 2009 (UTC)
 * I too find this useful information and it should be restored. Not all Linux or (especially) Mac-users are computer nerds and people might be in need of such information. PPP (talk) 09:03, 13 February 2009 (UTC)
 * I agree it should be removed as it is immaterial to the article. Also not mentioned (thankfully) is that Playstations, X-Boxes, PDAs, mobile phones and toasters are not targeted.  Sufficient is the list of targeted OSes.  These sorts of comments foster a naive view that not using the dominant platform is a security solution. One study (will cite when I find the book) of Windows NT and Linux workstations with clean installs, fresh IPs and a LAN directly connected to the Internet showed that both systems had mean times to compromise measured in hours, not days.  Yes it's an old study but since it came out we have seen the rise of botnets, cross platform parallel compute libraries and automated penetration tests designed to find weaknesses in a broad spectrum of devices connected to a network. These new tools are just as applicable to creating malicious botnets as they are to finding cancer cures at home or finding and fixing security problems in networks. I'm no Windows apologist and I use Linux exclusively on my own computers.  I just think the constant "Linux/Macintosh/Insert favored OS here doesn't get viruses" harping misses the point.  It's a smug message that if you are running windows you should change.  But if everyone changed to your favored OS your imaginary security through obscurity would also vanish.  What then?  Would a change back to Windows then be warranted? 121.79.12.138 (talk) 22:44, 21 January 2009 (UTC)
 * I wouldn't be too quick in drawing conclusions, some phones or PDA's are running Windows thus could be affectable by this virus. Also, I don't know the OS an X-box is running, but since this is a Microsoft-product, it could be in the danger zone. Furthermore, the comparison between a computer and a toaster is one only an anonymous would make, because everybody knows it doesn't make any sense, since a toaster is not connected to the internet. It's like stating that the apple tree in my backyard probably won't get the Conficker disease from my computer. Nor will I personally. But a desktop computer running Linux or MacOS is still a desktop computer and for many people the same thing. They surely deserve to be informed if their computer is violable or not. PPP (talk) 09:14, 13 February 2009 (UTC)
 * Given the article already mentions exactly which OSes are known to be affected, there is little point listing the OSes that are not known to be affected. Someone (207.203.88.15) appears to have noted this and added a list of other OSes including some really esoteric ones presumably to make some kind of point.  I'm with the previous user who objected to the original statement.  The argument that it's useful to include a list of OSes not affected might have some merit if the article said "Affects all PCs, except those with these OSes", but it doesn't. 94.193.9.40 (talk) 18:11, 13 February 2009 (UTC)

For tactfully explaining everything to this JohnCD fellow I didn't want to have to bother with, you have my utmost thanks. 62.245.140.169 (talk) 14:50, 29 January 2009 (UTC)

Comment: Why are you folks continuing to remove McAfee's on demand removal capabilities from the list of methods to remove? I sense some sort of bias here. McAfee can detect and remove the virus but the other AV's require removal tools. This should be very important to identify. —Preceding unsigned comment added by 71.135.75.227 (talk) 20:18, 5 February 2009 (UTC)

Simple, Wikipedia information must be verifiable. Please include references with your inclusion. Sephiroth storm (talk) 23:56, 5 February 2009 (UTC)

But how will you verify the verification? If "verifiable" were enforced for every sentence in Wikipedia there wouldn't be a wikipedia. I'm not saying it's a bad idea but it seems to be trotted out selectively. —Preceding unsigned comment added by 69.149.65.237 (talk) 04:42, 26 March 2009 (UTC)

Is Windows Mobile affected? 213.67.232.233 (talk) 01:55, 13 February 2009 (UTC)
 * No - just the operating systems listed in the article. 94.193.9.40 (talk) 18:21, 13 February 2009 (UTC)

As much as I feel the need to attach the words "evil genius" to this thing, I still grudgingly admit that this worm is extremely sophisticated... a thing of beauty. —Preceding unsigned comment added by 206.191.106.109 (talk) 18:19, 30 March 2009 (UTC)

What are the symptoms of infection?
Is there a way of determining if your PC is infected? DavidRF (talk) 19:03, 19 January 2009 (UTC)
 * If the user's IQ is lower than 80, then it's probably infected. 121.44.18.220 (talk) 07:42, 20 January 2009 (UTC)
 * Very constructive, thanks. The article is a headline in the news section of the main page of wikipedia and I haven't heard about it anywhere else. Just wondering if we could get some elaboration on this threat. DavidRF (talk) 15:01, 20 January 2009 (UTC)
 * Seriously, what are the indications? 惑乱 Wakuran (talk) 17:39, 20 January 2009 (UTC)
 * don't know the specific ones, but this is a spybot, which connects to external servers, so if you find your internet, or even just your computer is considerably slow, and it can't be blamed on just your old computer, then get the removal tool from microsoft's website and try it, if you're clean, then it won't find anything. —Preceding unsigned comment added by 24.65.77.144 (talk) 02:19, 21 January 2009 (UTC)
 * Apparently it spreads through networks by means of guessing passwords, and occasionally locks out users when attempted incorrect guesses one time too many. That seems to be a warning sign. 惑乱 Wakuran (talk) 10:11, 21 January 2009 (UTC)
 * Yes, there are ways to determine infection: e.g. Peter.Hozak (talk) 09:11, 3 April 2009 (UTC)

Why can't we correctly translate the German? --202.169.60.130 (talk) 15:26, 20 January 2009 (UTC)
 * Yeah. Wikipedia is fucking not censored for fucking minors! 惑乱 Wakuran (talk) 17:39, 20 January 2009 (UTC)

When this worm infected hundreds of windows machines at my company, I, being a member of the IT, received a giant load of calls that wouldn't even let me stop to breathe... it was really fun to see people scared of a "malevolous virus attack" hehe Oxygenetik (talk) 10:17, 21 January 2009 (UTC)


 * The worm hides in a pendrive (that is contaminated on a computer with virus), there are two parts to it. The first is an .exe file, which is a *number*.exe and it is hidden. Note: the number is usually less than 100, like 8.exe, 11.exe. The second part is a .inf autorun config file like

ShellExecute=8.exe
Action=View the contents of this drive

When the autoplay pops up, you can select what you want to do, e.g. print the pictures, take no actions, etc. Normally people will select 'view contents of this drive' but it is actually an autoplay for the .exe file. Once it is running, you can see it in the task manager, as *number*.exe. The symptoms are error popups like 'suddenly,life has new meaning'. Different variations have come out so there may be other effects on the computer. To remove, stick your pendrive into the usb, when the autoplay window pops up, press cancel or the cross. Open cmd, type your drive, like H:. After that, type dir/w/o/a/p. If there is any suspicious .vbs, .exe, .ini/inf files, type in "attrib -h -r -s -a". Then type "del filename.ext". Replace the ext with the extension type, like "del autorun.inf" or "del New.exe". KamiFlame (talk) 13:50, 21 January 2009 (UTC)
 * That isn't the Conficker worm. The Conficker worm does not have an exe component. It is just a single DLL file.
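
The autorun.inf pattern described in the comment above (a launch entry hidden behind an Action label that imitates the normal folder-open choice) can be checked for before a removable drive is opened. The following is an added example, not part of the original discussion: the finding names, the list of lure phrases and the sample files are assumptions constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB_RE = re.compile(r"^shell\\[^\\]+\\command$")
# Short all-digit executable names such as 8.exe or 11.exe, as in the comment.
NUMERIC_EXE_RE = re.compile(r"^\d{1,3}\.exe$", re.IGNORECASE)
# Phrases that imitate the built-in "open folder" choice (assumed list).
FOLDER_LURES = ("view the contents", "open folder", "view files")


def parse_autorun(text):
    """Return {lower-cased key: value} for the [autorun] section only."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        # Lines without '=' (padding, junk) are skipped rather than fatal.
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """Return the bare file names that the launch keys point at."""
    targets = []
    for key, value in entries.items():
        if key in EXEC_KEYS or SHELL_VERB_RE.match(key):
            if value.startswith('"'):
                program = value[1:].split('"', 1)[0]
            else:
                program = value.split(" ", 1)[0]
            name = re.split(r"[\\/]", program)[-1]
            if name:
                targets.append(name)
    return targets


def audit_autorun(text):
    """Return a list of finding names for one autorun.inf body."""
    entries = parse_autorun(text)
    targets = launch_targets(entries)
    findings = []
    if targets:
        findings.append("launches-program")
    if any(NUMERIC_EXE_RE.match(t) for t in targets):
        findings.append("numeric-exe-name")
    action = entries.get("action", "").lower()
    if targets and any(lure in action for lure in FOLDER_LURES):
        findings.append("folder-lure-label")
    return findings


# Constructed samples. The first adds a section header to the two lines quoted
# in the comment; the second hides the same idea among junk and odd casing.
SAMPLE_QUOTED = "[autorun]\r\nShellExecute=8.exe\r\nAction=View the contents of this drive\r\n"
SAMPLE_NOISY = r"""
;; x9Qz#@! junk line without a delimiter
[AUTORUN]
k3j2h4 garbage
shell\open\command="data\11.exe" /q
ACTION = Open folder to view files
"""
SAMPLE_BENIGN = "[autorun]\nicon=setup.ico\nlabel=Backup Disk\n"

if __name__ == "__main__":
    for name in ("SAMPLE_QUOTED", "SAMPLE_NOISY", "SAMPLE_BENIGN"):
        print(name, audit_autorun(globals()[name]))
```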

I've had the virus, and I can tell you exactly what the symptoms are. First, it takes over the browser, and when you click on a Google search result of most anything it takes you to a different web page with ads and other links. It also displayed a page that looked like "My Computer" with a real time virus count message appearing in red to get your attention. Then it tried to sell me antivirus software with a pop-up window. It also generated a "fake memory error" on my laptop and caused the machine to reboot randomly every 10-20 minutes. In addition, it prevented me from going to any websites to either learn about the virus or get tools to eradicate the virus. It installed a new hosts table with certain websites redirected to 127.0.0.1. It also prevented certain applications already installed on the hard drive from executing. I finally was able to get an online scan tool to run (from a website that didn't have anything related to security in its name), but during the scan the machine rebooted (see above symptom). While I was ultimately able to remove the virus, the machine had other software and drivers damaged, so when I got back home I restored from a backup Ghost image I made when the machine was new and I had tweaked the software to my liking. This is one of the nastiest viruses I've ever seen, and my laptop was updated with the latest patches, etc., so I'm not sure how I got it. I was at a hotel on their wireless network at the time of infection.

---You were on a public network...duh! that would be how you caught it. 75.89.166.147 (talk) 16:16, 26 February 2009 (UTC) TiaF

Picture
Currently there's a picture of a Sandisk Cruzer with the caption "Conficker spreads via portable storage devices." This picture is not just unnecessary (if you don't know what a USB stick is, look up the article), it could actually give the impression (to stupid people, admittedly) that Sandisk has anything to do with it, which of course they don't. I removed the picture to offset these concerns, and added a link to USB flash drive. 82.95.254.249 (talk) 14:08, 21 January 2009 (UTC)

"consisting of the abbreviation con for configuration and the nominalized form of the obscene German verb ficken (the bad f word)"

Are we children. Either let us use our imaginations as to what "ficken" means, or be more, er, explicit. Monkeyspearfish (talk) 16:38, 21 January 2009 (UTC)
 * I replaced it with 'fuck'. Wikipedia is not censored! ~-F.S-~(Talk,Contribs,Online?) 16:53, 21 January 2009 (UTC)


 * Someone is removing the definition for "ficken" and insisting that it is a homophone for "configure", which is original research and not plausible (IMHO). Reverting. 65.169.210.66 (talk) 23:05, 22 January 2009 (UTC)


 * It's a fact that the English word "to configure" is pronounced in English almost exactly like "conficker is pronounced in German". Just with the difference that the "ck" in German is pronounced slightly harder than the "g" in English. That's exactly what homophone means. Furthermore, the German "ficken" not only is a term for sexual intercourse. Just like the English "fuck", "ficken" can be used in slang for stealing, beating someone up, etc... So I took the liberty to at least link to the f-word. Conficker is causing German press to use the f-word uncensoredly, and talking to people about this worm very often causes disturbance. Just imagine what this would be like if the worm's name would have been "confucker" (which is what I would say is the literal translation of the pun) -- what then? €0.02, --Volty (talk) 13:09, 27 January 2009 (UTC)
 * I don't have an issue with it being like "config," if that is a fact. I was just interested in making sure the "ficken" vulgarity was not glossed over. This homophone business is still original research as far as I am concerned, though. 65.169.210.66 (talk) 17:08, 27 January 2009 (UTC) —Preceding unsigned comment added by 24.21.10.30 (talk)


 * True, Wikipedia is not censored, but there are still policies about being offensive, and that word is offensive. Since we're adults, we surely don't need it spelled out for us. I suggest a change to something like, "...which is offensive in English." Carl.antuar (talk) 11:06, 23 January 2009 (UTC)


 * "Wikipedia is not censored, but there are still policies about being offensive, and that word is offensive."


 * BULLS***! ...Is that word too offensive for you, too?   Techno Faye Kane  07:14, 28 March 2009 (UTC)

"ficken" is described as obscene, but that is an exaggeration. Its use is typically considered not or only mildly offensive by native speakers depending on the context. E.g. the title of a German movie from 2002, "Fickende Fische", did not spark any public outcry, and it received an FSK 12 rating. Certain uses of the word may of course be considered obscene but this is true even of the most harmless words. Aragorn2 (talk) 05:35, 24 January 2009 (UTC)
 * I think that might be part of German culture, though. Nudity and sexual slang/references doesn't cause as much commotion as in the USA, also it is not considered harmful for children. At least if Germany is similar to Sweden, where I live. That movie was given the Swedish title "Knullar fiskar?" ("Do fish fuck?", and they do not), given a 11 yrs rating, and didn't cause any storm, here either. 惑乱 Wakuran (talk) 13:19, 26 January 2009 (UTC)
 * Actually, I cannot come up with a more obscene German word for that kind of activity than "ficken". Just as Wakuran said, Germans are much more liberal with nudity and sex also in the presence of children. Sexual education here starts in primary school at an age of around seven. -- H005 (talk) 19:17, 16 February 2009 (UTC)

Conficker a pun of German Hackers? Perhaps, but absurd in this case. The name Conficker is one of the tons of domains, like bxtopike or browser or leyloenk, randomly created by the worm, chosen from the first person, who reported on Nov. 21th, 2008, that a worm who abuses Vulnerability in M$ Server Service MS08-067, is wild. --Ledenpas (talk) 21:38, 26 January 2009 (UTC)
 * So shouldn't the explanation with the German verb be deleted? There is more doubt than proof for this theory --jefo (talk) 19:34, 29 January 2009 (UTC)
 * How about we all grow up and realize that "fuck" is just a word and in this case it has no impact on anything other than your sensitive little brains. Grow up and "NO, you were not offended."

The fact is, whoever wrote about the origin of the name made it up. See http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.a, analysis tab, at the bottom. —Preceding unsigned comment added by 216.73.217.121 (talk) 23:53, 9 February 2009 (UTC)

"Ficker" actually means "fucker", not "to fuck" 124.171.207.238 (talk) 01:33, 1 April 2009 (UTC)

Systems Affected
This Symantec summary claims that affected systems includes Windows 95, Windows 98, Windows Me and Windows NT. These operating systems are not included in this article, should they be? - Shiftchange (talk) 13:26, 22 January 2009 (UTC)

I think that it might be able to spread on 9x using USB but I don't think it can do much damage to the system or spread via network Stevenh123 (talk) 20:49, 30 March 2009 (UTC)

If it can infect a 9x system it would be very limited to which ones it could infect, 95 and the original 98 had little to no support for USB flash drives. Most flash drives require at least 98se and a driver. Also I believe that the writer of this worm would take the time to make it so that it could infect both 9x and NT systems when most of the windows based computers run a NT system whether it is 2000, xp, or vista. Codeman177 (talk) 02:22, 1 April 2009 (UTC)

The actual Conficker program code can't run on windows 98 because most of its functionality is based on NT-based services. Conficker can't spread via MS08-067 because like other netbios exploits, win-98 is simply not vulnerable to them the way that NT-based OS's are / were. Win-98 might execute the autorun.inf file that's present on infected removable media, but again the execution would fail because the code is designed to run on NT-based systems. Win-98 proves again to be less vulnerable to worm-like exploitation via network connection compared to win2k/XP/2k3. The claims that win98 is a less secure operating system continue to ring hollow. —Preceding unsigned comment added by 74.12.203.91 (talk) 13:14, 12 April 2009 (UTC)

Impact
I added the 15 million computers infected bit. It needs corroboration. I am not sure if it's true. —Preceding unsigned comment added by Anna Frodesiak (talk • contribs)
 * Yeah, I've seen that number on various news sites, although I think it's just an estimate. There hasn't been much news on it lately, but unless it somehow got contained it's probably on 20 million Windows PCs or more by now. Althepal (talk) 21:07, 2 February 2009 (UTC)
 * It's doubtful that there are 20 million computers infected, partly due to the increasing alertness. The best estimates are between 9 to 12 million I believe, with a very recent article citing 10 million - http://www.winsupersite.com/server/conficker.asp . Since I don't have permission, someone might also want to add the fact to the article that the preventive patch from Microsoft has been available since October 2008, which might help people realise how much they need to be left behind to get infected, and will probably help calm down others who patch at least monthly. —Preceding unsigned comment added by DelphinidaeZeta (talk • contribs) 10:47, 1 April 2009 (UTC)
 * Actually, only Conficker.A infects system via unpatched systems. That's how it mainly got around, Conficker.B, C, and D do not spread via unpatched systems but by systems with no firewall, antivirus, unprotected shares, weak passwords, usb and cd drives, etc. However, the new Conficker.E spreads via all of those plus the methods Conficker.A uses (unpatched systems mainly), making it use of all unprotected computers. Broken Fruit (talk) 20:00, 10 April 2009 (UTC)

More news on Conficker - just visit Google News:- French fighter planes grounded by computer virus (might need to say this is 'allegedly' until they confirm)

Computer virus shuts down Houston municipal courts

More usefully, OpenDNS are offering an alternative means of protection from Conficker:- —Preceding unsigned comment added by 217.34.138.161 (talk) 13:11, 9 February 2009 (UTC)

Origin of name
Does anyone get the explanation on http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A (see Tab Analysis, bottom)? (fic)(con)(er) => (con)(fic)(+k)(er) => conficker

The old explanation was much more plausible to me (but I'm no expert).

--Abe Lincoln (talk) 21:44, 16 February 2009 (UTC)


 * It doesn't sound very reasonable to me either, but until we have reliable sources, we better do not mention it at all. -- H005 (talk) 23:34, 16 February 2009 (UTC)
 * Then put both on the article.200.90.238.140 (talk) 03:44, 27 March 2009 (UTC)
 * Done Replysixty (talk) 05:49, 30 March 2009 (UTC)
 * Con-ficken (Conficken sounds like configure) (Ficken=German for fuck). Confucker.  By the way, according to MSNBC, no damage has been done.  Montgomery' 39 (talk) 19:54, 1 April 2009 (UTC)
 * Why is this necessarily German? Configuration+fucker=Confi+cker=Conficker.  Simple enough in English, too, don't you think? :) ReveurGAM (talk) 10:38, 6 April 2009 (UTC)