Find out how much you know about the Conficker worm. (Fill in the blank.)

1. Conficker was first spotted ________ on November 21, 2008. It exploits a vulnerability in the Windows Server service. (Hint: Opposite of “in the lab.”) 

Answer

2. The vulnerability allows remote code execution when an affected system received specially crafted RPC request. What does RPC stand for? 

Answer

3. Once a computer is infected, it stops Microsoft’s WUS and disables anti-virus tools. What is Microsoft’s WUS?

 Answer

4. Some versions of Conficker use websites to deliver updates. To hide the sites from law enforcement, the worm generates about 50,000 decoy domain _______ each day. 

Answer

5. Some versions of the worm include ________ functionality so that infected computers can communicate between themselves without the need for a server.

 Answer

6. Some versions of the worm use the MD6 hashing algorithm to obscure communication between infected PCs.  The algorithm was developed at MIT by a team led by Professor Ronald L. Rivest. What other cryptography algorithm is he associated with? 

Answer

7. It’s widely believed that the cyber-criminals behind this worm are building a ________ that can be rented out.

 Answer

8. _________ has put up a $250,000 reward for any information that leads to the arrest of a Conficker programmer. 

Answer

9.  Criminals are exploiting the notoriety of this malware to distribute other malicious code from domains ranked highly in Internet searches for the word '__________.' 

Answer

10. There is more than one way to profit monetarily from Conficker. F-Secure.com has identified several _________ anti-virus products for sale that do nothing but take your money. 

Answer

Learn more

Microsoft calls next Conficker variant 'manageable.'

Is the Conficker botnet ready to be split and sold?

Microsoft has offered a $250K bounty for the Conficker writer.