Conficker Worm is Still Circulating in TM Datacenter

Many of you have probably heard of the Conficker worm, which has infected probably millions of computers around the world. If a computer is running an unpatched Windows XP or Vista, or has no Internet security or antivirus product that can detect Conficker, chances are the worm could have found its way in. The Conficker worm is quite old news, but it was only recently that I encountered it myself. I rented a dedicated server in Malaysia located in the TM datacenter, and the webhost installed Windows Server 2008 R2. I don’t really need a server operating system, so I asked them to change it to the good old Windows XP.

Once they had finished installing XP, they gave me the user account information so that I could log in using Remote Desktop Connection. The first thing that I always do when I get my hands on a newly installed Windows operating system is to go to Windows Update to download the hotfixes and service pack. I opened Internet Explorer and the default Microsoft page couldn’t load. Then I tried accessing Windows Update and that page wasn’t accessible either! There were no problems loading Google.com. The first thing that came to my mind was a bad HOSTS file. I checked the HOSTS file and it was clean. The next thing in line that could be the problem was the DNS server, which translates domain names to IP addresses. I changed to Google’s DNS servers, but still no go.

Finally I figured that it could be a virus or worm, so I searched Symantec’s website and the symptoms pointed to the Conficker worm. The Conficker worm is so shockingly smart that it was able to instantly infect an unpatched Windows XP machine automatically by hacking in without any user interaction. One of the easiest ways to confirm that a computer is infected by the Conficker worm is to visit the Conficker Eye Chart webpage. There are 6 images on the webpage, and if the web browser is unable to show some of the images, then it is very likely that Conficker is causing it. This simple test is an easy yet effective method because the Conficker worm blocks a lot of security and manufacturer websites such as F-Secure, Trend Micro and Dell, but not the OpenBSD, FreeBSD and Linux websites.
Conficker Eye Chart
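
The way the Eye Chart is read can also be scripted for a machine with no usable browser. The following is an added example, not part of the original post: the hostnames are assumptions chosen to match the vendors named above, and `probe` and `interpret` are hypothetical helper names.

```python
import socket

# Assumed hostnames for the sites named in the post; the real Eye Chart
# page loads one image from each of six sites instead.
SECURITY_SITES = ["www.f-secure.com", "www.trendmicro.com", "www.dell.com"]
CONTROL_SITES = ["www.openbsd.org", "www.freebsd.org", "www.kernel.org"]


def probe(host, port=80, timeout=5.0):
    """Return True if the name resolves and a TCP connection succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, refusal and timeout
        return False


def interpret(results):
    """Classify a {hostname: reachable} map the way the Eye Chart is read."""
    sec = [results[h] for h in SECURITY_SITES if h in results]
    ctl = [results[h] for h in CONTROL_SITES if h in results]
    if not sec or not ctl:
        return "inconclusive: need both security and control results"
    if not any(ctl):
        # Nothing loads at all: a network problem, not selective blocking.
        return "inconclusive: control sites unreachable, check connectivity"
    if all(sec):
        return "no selective blocking seen"
    if not any(sec):
        return "likely Conficker: all security sites blocked, controls load"
    return "likely Conficker or other filtering: some security sites blocked"


if __name__ == "__main__":
    live = {h: probe(h) for h in SECURITY_SITES + CONTROL_SITES}
    for host, ok in live.items():
        print(f"{host:22} {'ok' if ok else 'BLOCKED'}")
    print(interpret(live))
```

The control sites matter as much as the security sites: without them, a dead network link and a Conficker block look the same.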