Conficker worm

[cdd]

Presumably you've all heard about the conficker worm that the media are hyping about. However I have a question.

Namely, if this worm connects to a list of predictable domain names to download updates for itself, why can't the security companies set up a future domain name that contains software that removes the worm?

What am I missing here?

[marksi]

The fact that the malware is unlikely to be programmed to visit a site that would remove it?

[cdd]

Well I agree the creators wouldn't go out of their way to make it possible but the way I understand it is that the virus goes to randomly generated websites so the creators can avoid getting one fixed site shut down. So the security companies have been able to predict future websites to monitor how many people have the virus.

So my guess is there's something wrong with my understanding somewhere. If they are able to create servers which the virus contacts to download software, why can't they put software up that removes it?

[Sput]

I thought it was instructed to do everything, so you'd probably have flexibility as the guy in charge to make it update from anywhere you wanted.

[Netizen]

Wish I had a botnet, seems like a more effective way of making many PCs do what they're told than fathoming out why I can't get group policies to stick on the company LAN

[Martin]

The company I work for has been crippled by the virus over the past 4 weeks. Everyone in I.T. seems to be running around after the virus so if you want anything else done your up a gum tree. There is now a 'usb stick' amnesty where no one is to use them outwith the company network. :roll:

[rts]

How do you know if your PC has been infected, how do you remove it, and how do you stop it coming back?

[Sput]

Stop looking at porn, rod!

[rts]

You've rumbled me!

[Jovis]

You've rumbled me!

Is that a line from the film?

[rts]

10 points Jovis. Very good