Pentagon and other agencies are preparing to defend against cyber attacks. Meanwhile, here are ways to protect your computer.
Internet security experts say that the computer worm known as Conficker, which has the ability to silently penetrate vulnerabilities within the Microsoft operating system, is beginning to rear its ugly head.
They say that the software is installing new and malicious programs on some of the computers it has already invaded with the aim of using those PCs to send out criminal spam and scrounge around on unsecured computers for valuable personal data, Reuters reported Friday.
Conficker, also called Downadup and Kido, works like this: Once the worm wiggles into a PC, it then has the ability to install software and enable the computer to receive additional viruses from the program’s creators. It can also link an individual PC to other infected machines and create an army of computers under its control, called a botnet, which can be strung together for launching cyberattacks.
Millions of PCs already invaded
Experts say that the Conficker worm has already dug into millions of PCs but only been activated in a small percent of them. It was feared that the makers of the software program would trigger a massive attack on April 1. While that didn’t happen, the US Computer Emergency Readiness Team (US-CERT) said earlier this month that it has detected a new variant of the worm that “updates earlier infections via its peer-to-peer network against unpatched systems.”
Microsoft released a security patch last year to improve its systems’ security in an effort to combat Conficker. The patch is still available at Microsoft.com, but an estimated 30 percent of Microsoft users have not updated their systems.
While many say that the Conficker Worm is one of the most sophisticated they have come across — and the most widespread since a worm called Slammer that spread in 2003 — there are some simple protections that PC users can take. In addition to the free updates available from Microsoft, computer users can purchase an array of antivirus programs from software makers such as Symantec or McAfee.
How to test your computer
An easy test for computer users to see if Conficker might be on their PCs is to simply attempt to visit the websites of some of these software security companies. The worm has the ability to block access to many security company sites.
Cyber security is becoming an increasing concern in the US and around the world amid the growth in Internet activity as well as in the level of sophistication being seen in malicious programs such as Conficker.
According to The Wall Street Journal, a new Pentagon Cyber Command will oversee the defense of US computer networks and cyber-attack operations. The paper reported Friday that Defense Secretary Robert Gates will name Keith Alexander, director of the National Security Agency, to head the Cyber Command operation.
Secretary Gates said in a memo reviewed by the Journal that, “our increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security.”
White House recommendations
The Obama administration is expected to release its own set of recommendations for cybersecurity policy as early as next week.
While many cyber-watchers hoped that Melissa Hathaway, President Obama’s top cyber czar, would shed some light on what those specific policy recommendations might be, she offered little in terms of specifics in a speech earlier this week at a San Francisco computer security conference.
Instead she focused on what went into the administration’s recently-completed 60-day review of US cyberspace policy, which many critics say has been ineffectual because it has not been streamlined under one agency.
“It can be said that the federal government is not organized appropriately to address this growing problem because responsibilities for cyberspace are distributed across a wide array of federal departments and agencies,” she said. “We need an agreed way forward based on common understanding and acceptance of the problem.”
Sunday, April 26, 2009
Sunday, April 12, 2009
Aston Martin continues to tease the One-77









It's hard to think of a DB-9 or Vanquish as anything other than automotive perfection, so when the Brits in Gaydon say the One-77 is the embodiment of Aston Martin design, color us interested. The ultra-exclusive two-seat supercar seems to have it all: a 700 hp V12, carbon fiber chassis, aluminum body, and the ultimate in Aston design. The One-77 has an exclusive price tag of about £1,050,000 before taxes, too, and even the Paris Motor Show isn't a big enough venue to unveil the full design to the world.
Aston Martin is sure playing up the anticipation for the One-77, and even though there is absolutely no shot we'll ever get to drive one, we're taking the bait. Teasers and sneak peeks are all we're getting at this point, and with a full year before it goes on sale, we could be waiting a bit longer. Aston CEO Bez Ulrich and chief designer Mark Reichman sat down to discuss the One-77 with the cameras rolling, and the two key players on team Martin seem to be in love with this vehicle. Hit the jump to see more glimpses of the One-77 lurking in the shadows, while Bez and Mark shower the mega-exclusive supercar with verbal praise. Now just show us the whole damn car already!
Friday, April 10, 2009
Upgrade my ram...
Conficker is mainly targeting Windows!
Virus Encyclopedia: Worm:Win32/Conficker.B
Name: Worm:Win32/Conficker.B
Please note: Some threat information may be available in English only.
Aliases:
- TA08-297A (other)
- CVE-2008-4250 (other)
- VU827267 (other)
- Win32/Conficker.A (CA)
- Mal/Conficker-A (Sophos)
- Trojan.Win32.Agent.bccs (Kaspersky)
- W32.Downadup.B (Symantec)
- Confickr (other)
Worm:Win32/Conficker.B is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products. Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately. Microsoft also recommends that users ensure that their network passwords are strong to prevent this worm from spreading via weak administrator passwords. More information is available.
How do I know if my computer is infected?
System Changes
The following system changes may indicate the presence of this malware:
- The following services are disabled or fail to run:
Windows Update Service
Background Intelligent Transfer Service
Windows Defender
Windows Error Reporting Services
- Some accounts may be locked out due to the following registry modification, which may flood the network with connections:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"TcpNumConnections" = "0x00FFFFFE"
- Users may not be able to connect to websites or online services that contain the following strings:
virus
spyware
malware
rootkit
defender
microsoft
symantec
norton
mcafee
trendmicro
sophos
panda
etrust
networkassociates
computerassociates
f-secure
kaspersky
jotti
f-prot
nod32
eset
grisoft
drweb
centralcommand
ahnlab
esafe
avast
avira
quickheal
comodo
clamav
ewido
fortinet
gdata
hacksoft
hauri
ikarus
k7computing
norman
pctools
prevx
rising
securecomputing
sunbelt
emsisoft
arcabit
cpsecure
spamhaus
castlecops
threatexpert
wilderssecurity
windowsupdate
Recovery Instructions
Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.
To detect and remove this threat run a full-system scan with an up-to-date antivirus product such as the Microsoft online scanner (http://safety.live.com). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
Note: Computers infected by Conficker may be unable to connect to web sites related to security applications and services that may otherwise assist in the removal of this worm (for example, downloading antivirus updates may fail). In this case users will need to use an uninfected computer in order to download any appropriate updates or tools and then transfer these to the infected computer.
Microsoft Help and Support have provided a detailed guide to removing a Conficker.B infection from an affected computer, either manually or by using the MSRT (Malicious Software Removal Tool).
For detailed instructions on how to manually remove Conficker.B, view the following article using an uninfected computer:
http://support.microsoft.com/kb/962007 - Virus alert for Win32/Conficker.B and manual removal instructions
Additional information on deploying MSRT in an enterprise environment can be found here:
http://support.microsoft.com/kb/891716 - Deployment of MSRT in an enterprise environment
Preventing infection
Take the following steps to help prevent infection on your system:
- Enable a firewall on your computer.
- Get the latest computer updates for all your installed software, including Security Bulletin MS08-067.
- Use up-to-date antivirus software.
- Use caution when opening attachments and accepting file transfers.
- Use caution when clicking on links to web pages.
- Protect yourself against social engineering attacks.
Enable a firewall on your computer
Use a third-party firewall product or turn on the Microsoft Windows Internet Connection Firewall.
To turn on the Windows Firewall in Windows Vista
- Click Start, and click Control Panel.
- Click Security.
- Click Turn Windows Firewall on or off.
- Select On.
- Click OK.
To turn on the Internet Connection Firewall in Windows XP
- Click Start, and click Control Panel.
- Click Network and Internet Connections. If you do not see Network and Internet Connections, click Switch to Category View.
- Click Change Windows Firewall Settings.
- Select On.
- Click OK.
Get the latest computer updates
Updates help protect your computer from viruses, worms, and other threats as they are discovered. It is important to install updates for all the software that is installed in your computer. These are usually available from vendor websites.
You can use the Automatic Updates feature in Windows to automatically download future Microsoft security updates while your computer is on and connected to the Internet.
To turn on Automatic Updates in Windows Vista
- Click Start, and click Control Panel.
- Click System and Maintenance.
- Click Windows Updates.
- Select a setting. Microsoft recommends selecting Install updates automatically and choose a time that is convenient for you. If you do not choose Automatic, but you choose to be notified when updates are ready, a notification balloon appears when new downloads are available to install. Click the notification balloon to review and install the updates.
To turn on Automatic Updates in Windows XP
- Click Start, and click Control Panel.
- Click System.
- Click Automatic Updates.
- Select a setting. Microsoft recommends selecting Automatic. If you do not choose Automatic, but you choose to be notified when updates are ready, a notification balloon appears when new downloads are available to install. Click the notification balloon to review and install the updates.
Use Strong Administrator Passwords
Microsoft also recommends that users ensure that their network passwords are strong to prevent this worm from spreading via weak administrator passwords. More information is available here.
Use up-to-date antivirus software
Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software that is updated with the latest signature files. Antivirus software is available from several sources. For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
Use caution when opening attachments and accepting file transfers
Exercise caution with e-mail and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.
Use caution when clicking on links to web pages
Exercise caution with links to web pages that you receive from unknown sources, especially if the links are to a web page that you are not familiar with or are suspicious of. Malicious software may be installed in your system simply by visiting a web page with harmful content.
Avoid downloading pirated software
Threats may also be bundled with software and files that are available for download on various torrent sites. Downloading "cracked" or "pirated" software from these sites not only carries the risk of being infected with malware, but is also illegal. For more information, please see our article 'The risks of obtaining and using pirated software'.
Protect yourself from social engineering attacks
While attackers may attempt to exploit vulnerabilities in hardware or software in order to compromise a system, they also attempt to exploit vulnerabilities in human behavior in order to do the same. When an attacker attempts to take advantage of human behavior in order to persuade the affected user to perform an action of the attacker's choice, it is known as 'social engineering'. Essentially, social engineering is an attack against the human interface of the targeted system. For more information, please see our article 'What is social engineering?'.
Technical information for more advanced users
Worm:Win32/Conficker.B is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.
Installation
Worm:Win32/Conficker.B attempts to copy itself in the Windows system folder as a hidden DLL file using a random name. If the attempt fails, it may then attempt to copy itself with the same parameters in the following folders:
%ProgramFiles%\Internet Explorer
%ProgramFiles%\Movie Maker
It creates the following registry entry to ensure that its dropped copy is run every time Windows starts:
Adds value: "<random string>"
With data: "rundll32.exe <system folder>\<malware file name>.dll,<malware parameters>"
To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
It may also load itself as a service that is launched when the netsvcs group is loaded by the system file svchost.exe.
It may also load itself as a fake service by registering itself under the following key:
HKLM\SYSTEM\CurrentControlSet\Services
It may use a display name that is created by combining two of the following strings:
Boot
Center
Config
Driver
Helper
Image
Installer
Manager
Microsoft
Monitor
Network
Security
Server
Shell
Support
System
Task
Time
Universal
Update
Windows
It may also combine random characters to create the display name.
Spreads Via...
Network Shares with Weak Passwords
Worm:Win32/Conficker.B attempts to infect machines within the network.
It first attempts to drop a copy of itself in a target machine's ADMIN$ share using the credentials of the currently logged-on user.
If this method is unsuccessful, for example, the current user does not have the necessary rights, then it instead obtains a list of user accounts on the target machine. It then attempts to connect to the target machine using each user name and the following weak passwords:
123
1234
12345
123456
1234567
12345678
123456789
1234567890
123123
12321
123321
123abc
123qwe
123asd
1234abcd
1234qwer
1q2w3e
a1b2c3
admin
Admin
administrator
nimda
qwewq
qweewq
qwerty
qweasd
asdsa
asddsa
asdzxc
asdfgh
qweasdzxc
q1w2e3
qazwsx
qazwsxedc
zxcxz
zxccxz
zxcvb
zxcvbn
passwd
password
Password
login
Login
pass
mypass
mypassword
adminadmin
root
rootroot
test
testtest
temp
temptemp
foofoo
foobar
default
password1
password12
password123
admin1
admin12
admin123
pass1
pass12
pass123
root123
pw123
abc123
qwe123
test123
temp123
mypc123
home123
work123
boss123
love123
sample
example
internet
Internet
nopass
nopassword
nothing
ihavenopass
temporary
manager
business
oracle
lotus
database
backup
owner
computer
server
secret
super
share
superuser
supervisor
office
shadow
system
public
secure
security
desktop
changeme
codename
codeword
nobody
cluster
customer
exchange
explorer
campus
money
access
domain
letmein
letitbe
anything
unknown
monitor
windows
files
academia
account
student
freedom
forever
cookie
coffee
market
private
games
killer
controller
intranet
work
home
job
foo
web
file
sql
aaa
aaaa
aaaaa
qqq
qqqq
qqqqq
xxx
xxxx
xxxxx
zzz
zzzz
zzzzz
fuck
12
21
321
4321
54321
654321
7654321
87654321
987654321
0987654321
0
00
000
0000
00000
00000
0000000
00000000
1
11
111
1111
11111
111111
1111111
11111111
2
22
222
2222
22222
222222
2222222
22222222
3
33
333
3333
33333
333333
3333333
33333333
4
44
444
4444
44444
444444
4444444
44444444
5
55
555
5555
55555
555555
5555555
55555555
6
66
666
6666
66666
666666
6666666
66666666
7
77
777
7777
77777
777777
7777777
77777777
8
88
888
8888
88888
888888
8888888
88888888
9
99
999
9999
99999
999999
9999999
99999999
If Win32/Conficker.B successfully accesses the target machine, for example, if a combination of any of the obtained user names and one of the above passwords allows write privileges to the machine, then it copies itself to an accessible admin share as ADMIN$\System32\<random letters>.dll.
Creates Remote Scheduled Job
After compromising a machine remotely, Win32/Conficker.B creates a remote scheduled job with the command "rundll32.exe <malware file name>.dll,<malware parameters>" to activate the copy, as shown in the images below:


Mapped and Removable Drives
Worm:Win32/Conficker.B may drop a copy of itself in all mapped and removable drives using a random file name. The worm creates a folder in the root of these drives named 'RECYCLER' (in Windows XP and previous versions, the folder "RECYCLER" references the "Recycle Bin"). Next, the worm copies itself as the following:
<drive:>\RECYCLER\S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d\<random letters>.dll
Where %d is a randomly chosen letter. The worm also drops a corresponding autorun.inf file, which enables the worm copy to execute if the drive is accessed and Autoplay is enabled. This autorun.inf file is detected as Worm:Win32/Conficker.B!inf.
The image below illustrates how a user could potentially launch the worm when accessing an infected share:

Note that the language in the first option suggests the user could 'open folder to view files' however the option is under 'Install or run program', an indication that opening the folder will actually execute an application. Another hint that the action is to execute the worm is the text 'Publisher not specified'. The highlighted choice under 'General options' in the image above would allow a user to view the share and not execute the worm copy.
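A mapped or removable drive can be checked for the layout described in this section: a DLL sitting under RECYCLER\S-...\ together with an autorun.inf in the drive root. The Python sketch below is an added example, not part of Microsoft's write-up; the sample folder and file names are constructed, and the two conventions it relies on (a genuine XP Recycle Bin renames deleted files to D<drive letter><index>.<ext>, and per-user bin folders are named after S-1-5-21-... account SIDs) are general Windows behaviour rather than statements from this page.

```python
import re
import tempfile
from pathlib import Path

# XP-era Recycle Bin renames deleted files to D<drive letter><index>.<ext>.
RECYCLED_NAME = re.compile(r"^D[a-z]\d+\.", re.IGNORECASE)
# Genuine per-user bin folders are named after an account SID (S-1-5-21-...).
ACCOUNT_SID = re.compile(r"^S-1-5-21(-\d+){4}$")


def _child(parent, name):
    """Case-insensitive lookup of a direct child, as FAT/NTFS would resolve it."""
    for entry in parent.iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None


def scan_drive_root(root):
    """Report autorun.inf and DLLs stored under <root>\\RECYCLER\\S-*\\."""
    root = Path(root)
    report = {"autorun_inf": False, "autorun_mentions_recycler": False,
              "suspect_dlls": []}
    autorun = _child(root, "autorun.inf")
    if autorun is not None and autorun.is_file():
        report["autorun_inf"] = True
        text = autorun.read_bytes().decode("latin-1").lower()
        report["autorun_mentions_recycler"] = "recycler" in text
    recycler = _child(root, "RECYCLER")
    if recycler is None or not recycler.is_dir():
        return report
    for sid_dir in sorted(recycler.iterdir()):
        if not sid_dir.is_dir() or not sid_dir.name.upper().startswith("S-"):
            continue
        for item in sorted(sid_dir.iterdir()):
            # A DLL that kept its own name was copied in, not deleted by a user.
            if (item.is_file() and item.suffix.lower() == ".dll"
                    and not RECYCLED_NAME.match(item.name)):
                report["suspect_dlls"].append({
                    "path": item.relative_to(root).as_posix(),
                    "folder_is_account_sid": bool(ACCOUNT_SID.match(sid_dir.name)),
                })
    return report


def is_suspicious(report):
    """The page's layout needs both parts: a DLL in RECYCLER and an autorun.inf."""
    return report["autorun_inf"] and bool(report["suspect_dlls"])


def build_sample_drives(base):
    """Create two constructed drive roots (all names made up) under `base`."""
    base = Path(base)
    infected = base / "infected"
    bin_dir = infected / "RECYCLER" / "S-4-2-7-135-246-357-9"
    bin_dir.mkdir(parents=True)
    (bin_dir / "qwxzkd.dll").write_bytes(b"MZ constructed placeholder")
    (infected / "autorun.inf").write_text(
        "[autorun]\n; constructed placeholder pointing into RECYCLER\\S-4-2-7-...\n")
    clean = base / "clean"
    real_bin = clean / "RECYCLER" / "S-1-5-21-1111-2222-3333-1003"
    real_bin.mkdir(parents=True)
    (real_bin / "Dc1.dll").write_bytes(b"MZ a DLL the user really deleted")
    (real_bin / "INFO2").write_bytes(b"")
    return infected, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for drive in build_sample_drives(tmp):
            report = scan_drive_root(drive)
            print(drive.name, is_suspicious(report), report["suspect_dlls"])
```

Point `scan_drive_root` at a drive root from an uninfected machine with Autoplay disabled; a hit is a reason to scan the drive with an antivirus product, not a verdict on its own.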
MS08-067 HTTP 'call back'
Worm:Win32/Conficker.B spreads to systems that are not yet patched against a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, the worm instructs the target computer to download a copy of the worm from the host computer via HTTP protocol using the random port between 1024 and 10000 opened by the worm. The vulnerability is documented in Microsoft Security Bulletin MS08-067.
Payload
Modifies System Settings
Worm:Win32/Conficker.B changes system settings so that the user cannot view hidden files. It does this by modifying the following registry entry:
Adds value: "CheckedValue"
With data: "0"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL
It also modifies the system's TCP settings to allow a large number of simultaneous connections, where 0x00FFFFFE is hexadecimal and equals 16,777,214 decimal value:
Adds value: "TcpNumConnections"
With data: "0x00FFFFFE"
To subkey: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
The worm drops a temp file to aid restarting the TCP/IP service for the modification to take effect. The dropped file is detected as Trojan:WinNT/Conficker.B.
Disables TCP/IP Tuning, Terminates and Disables Services
Win32/Conficker.B disables Windows Vista TCP/IP auto-tuning by executing the following command:
netsh interface tcp set global autotuning=disabled
This worm terminates several important system services, such as the following:
- Windows Security Center Service (wscsvc) – notifies users of security settings (e.g. Windows update, Firewall and AntiVirus)
- Windows Update Auto Update Service (wuauserv)
- Background Intelligent Transfer Service (BITS) – used by Windows Update to download updates using idle network bandwidth
- Windows Defender (WinDefend)
- Error Reporting Service (ersvc) – sends error reports to Microsoft to help improve user experience
- Windows Error Reporting Service (wersvc)
Win32/Conficker.B deletes the registry key for Windows Defender, disabling it from running when the system starts.
Deletes value: "Windows Defender"
In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
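The registry changes listed on this page (TcpNumConnections, the SHOWALL CheckedValue, the rundll32 Run entry, the deleted Windows Defender value) and the disabled services can be checked offline against a regedit export taken from a suspect machine. The Python sketch below is an added example, not part of Microsoft's write-up; the sample export, its value names and its DLL name are constructed, and reading Start = 4 as "service disabled" is standard Windows behaviour rather than something the page states.

```python
import re

# Indicators: the registry values and service names listed on this page.
TCP_KEY = r"hklm\system\currentcontrolset\services\tcpip\parameters"
SHOWALL_KEY = (r"hklm\software\microsoft\windows\currentversion"
               r"\explorer\advanced\folder\hidden\showall")
HKCU_RUN = r"hkcu\software\microsoft\windows\currentversion\run"
HKLM_RUN = r"hklm\software\microsoft\windows\currentversion\run"
SERVICES_KEY = r"hklm\system\currentcontrolset\services"
WATCHED_SERVICES = ("wscsvc", "wuauserv", "bits", "windefend", "ersvc", "wersvc")
HIVE_ALIASES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# Matches the "rundll32.exe <path>.dll,<parameters>" shape of the Run entry.
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?[^,]*\.dll"?\s*,', re.IGNORECASE)


def _norm_key(key):
    hive, _, rest = key.lower().partition("\\")
    return HIVE_ALIASES.get(hive, hive) + ("\\" + rest if rest else "")


def _decode(data):
    data = data.strip()
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
    return data  # hex:, hex(2): and similar types are kept as raw text


def _as_int(value):
    if isinstance(value, int):
        return value
    try:
        return int(str(value), 0)
    except ValueError:
        return None


def parse_reg_export(text):
    """Parse regedit .reg text into {key: {value name: data}}, names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(_norm_key(key.group(1)), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group(1).lower()] = _decode(value.group(2))
    return keys


def triage(text):
    """Return (indicator id, detail) pairs found in one .reg export."""
    reg, found = parse_reg_export(text), []
    if _as_int(reg.get(TCP_KEY, {}).get("tcpnumconnections")) == 0x00FFFFFE:
        found.append(("tcp_limit", "TcpNumConnections = 0x00FFFFFE"))
    if _as_int(reg.get(SHOWALL_KEY, {}).get("checkedvalue")) == 0:
        found.append(("hidden_files", "SHOWALL CheckedValue = 0"))
    for svc in WATCHED_SERVICES:
        start = reg.get(SERVICES_KEY + "\\" + svc, {}).get("start")
        if _as_int(start) == 4:  # Start = 4 means the service is disabled
            found.append(("service_disabled", svc))
    for name, data in reg.get(HKCU_RUN, {}).items():
        # Heuristic: legitimate software also uses rundll32, so review each hit.
        if isinstance(data, str) and RUNDLL_DLL.search(data):
            found.append(("run_rundll32", f"{name} -> {data}"))
    # Only meaningful on hosts where Windows Defender was installed.
    if HKLM_RUN in reg and "windows defender" not in reg[HKLM_RUN]:
        found.append(("defender_autostart_missing", HKLM_RUN))
    return found


# Constructed sample export (not from a real host); value and DLL names are made up.
SAMPLE_INFECTED = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpNumConnections"=dword:00fffffe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"xkqpd"="rundll32.exe C:\\WINDOWS\\system32\\qwxzkd.dll,abcde"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SomeTrayApp"="C:\\Program Files\\Example\\tray.exe"
"""


if __name__ == "__main__":
    for finding in triage(SAMPLE_INFECTED):
        print(finding)
```

Exports written by regedit are UTF-16, so read them with `encoding="utf-16"` before passing the text to `triage`. Each hit is a lead for the full-system scan recommended above, since the worm uses a random value name and the individual settings can also occur on clean hosts.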
It also disables any process that has a module name containing any of the following strings from sending network traffic or data (note that most of these strings are related to antivirus and security software, thus effectively disabling the products from acquiring signature updates, and possibly preventing users from accessing websites with these strings in the URL):
virus
spyware
malware
rootkit
defender
microsoft
symantec
norton
mcafee
trendmicro
sophos
panda
etrust
networkassociates
computerassociates
f-secure
kaspersky
jotti
f-prot
nod32
eset
grisoft
drweb
centralcommand
ahnlab
esafe
avast
avira
quickheal
comodo
clamav
ewido
fortinet
gdata
hacksoft
hauri
ikarus
k7computing
norman
pctools
prevx
rising
securecomputing
sunbelt
emsisoft
arcabit
cpsecure
spamhaus
castlecops
threatexpert
wilderssecurity
windowsupdate
Resets System Restore Point
Win32/Conficker.B may reset the computer's system restore point, potentially defeating recovery using System Restore.
Checks for Internet Connectivity
Win32/Conficker.B checks if the system has an Internet connection by attempting to connect to the following websites:
aol.com
cnn.com
ebay.com
msn.com
myspace.com
Downloads Arbitrary Files
Depending on the system date, Win32/Conficker.B may build a URL to download files starting on January 1, 2009. The generated URL has a domain name that is based on the current system date. It uses one of the following top level domains:
.cc
.cn
.ws
.com
.net
.org
.info
.biz
For example, 'aaovt.com' or 'aasmlhzbpqe.com'.
The generated domain name is first converted to the dot notation, for example, 'aaovt.com' may be converted to '192.168.16.0'. This generated IP address is then used for the URL, according to the following pattern:
http://<generated IP>/search?q=%d
Some examples of the constructed URLs are as follows:
It checks the system date if it is January 1, 2009 or later. It also checks the following websites for the date, presumably for verification:
baidu.com
google.com
yahoo.com
msn.com
ask.com
w3.org
Additional Information
The name of this threat was derived by selecting fragments of the domain 'trafficconverter.biz', a string found in Worm:Win32/Conficker.A:
(fic)(con)(er) => (con)(fic)(+k)(er) => conficker
Analysis by Jireh Sanico
Friday, April 3, 2009
Intel rolls out Xeon
The Intel Xeon brand has been in use from 1998 to the present. The Xeon brand refers to many families of Intel's x86 multiprocessing CPUs, for dual-processor and multi-processor (MP) configurations on a single motherboard, targeted at the non-consumer markets of server and workstation computers, and also at blade servers and embedded systems. The Xeon brand has been maintained over several generations of x86 and x86-64 processors. Older models added the Xeon moniker to the end of the name of their corresponding desktop processor, but more recent models used the name Xeon on its own. The Xeon CPUs generally have more cache than their desktop counterparts in addition to multiprocessing capabilities. Intel's (non-x86) IA-64 processors are called Itanium, not Xeon.
its newest and most powerful family of microprocessors, the Xeon, announcing more than 70 customers for a more energy-efficient chip targeted at an increasingly crowded server market. The world's largest chipmaker officially announced its Xeon chip for servers and workstations on Monday, based on its "Nehalem" design, technology that had been incorporated in Apple's Mac Pro since January. Analysts said the new processors may help it cement its position just as Cisco readies a push into the market and a potential reorganization looms with sources and media saying IBM may buy server-maker Sun Microsystems
"The server business is very competitive," said Douglas Davis, vice president of the digital enterprise group and general manager for Intel's embedded and communications group.
Xeon "will drive a set of requirements for the data center infrastructure."
Manufacturers and analysts say one of the next battles in the chip industry revolves around the amount of energy required to run data centers. A chip that performs better without drawing more power or producing more heat could be key.