Conficker Worm

Status
Not open for further replies.
Sorry if this is old news....

http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html

A new sleeper virus that could allow hackers to steal financial and personal information has now spread to more than eight million computers in what industry analysts say is one of the most serious infections they have ever seen.


Experts say a single infected laptop could expose an entire network to the worm.

The Downadup or Conficker worm exploits a bug in Microsoft Windows to infect mainly corporate networks, where -- although it has yet to cause any harm -- it potentially exposes infected PCs to hijack.

How does it spread?

The worm does not spread over email or the Web. However if an infected laptop is connected to your corporate network, it will immediately scan the network looking for machines to infect. These will be machines that have not installed a patch from Microsoft known as MS08-067. The worm will also scan company networks trying to guess your password, trying hundreds and hundreds of common words. If it gets in, even if you are not at your machine, it will infect and begin spreading to other servers. A third method of spreading is via USB data sticks.



http://www.ditii.com/2008/11/27/microsoft-warns-of-win32confickera-malware-exploiting-vulnerability/

Microsoft is warning users of a rise in attacks on a vulnerability in Windows that could trigger a worm infestation on networks, and the company is encouraging companies to apply an emergency patch released in October. Microsoft says it has reports from users on a worm called Win32/Conficker.A, which infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.exe).
 
Yes, it's not new for MS already released the original patch back in Oct, 08. Subsequently superseded by MS08-067 which is available for download.

Also: the latest update of Windows RootKit remover can remove this pesky one completely.

Hummm...what else? Other than the fact that F-Secure ranks it as severity 1 virus going on out there, we already released our first virus definition file back in late November, 08....and all our customers are fully protected. Other than calling it a PR stunt, we cannot see the big fuss on this one (ours rank it as medium to medium-low in terms of severity, unless (a) you missed that security patch entirely, or (b) you are running pirated OS which utterly disregarded this patch due to WGA detection)

Either way, this one gets a publicity stunt from Symantec and F-Secure...

Q.
 
We applied MS08-067 and MS09-001 to all our servers. A number of them had SVCHOST.EXE problems where the consoles lock and the server becomes unresponsive. A reboot cures it. Deep checking finds nothing. I think MS didn't make a high quality patch IMO...
 
Originally Posted By: ToyotaNSaturn
We applied MS08-067 and MS09-001 to all our servers. A number of them had SVCHOST.EXE problems where the consoles lock and the server becomes unresponsive. A reboot cures it. Deep checking finds nothing. I think MS didn't make a high quality patch IMO...


Or they rushed it out without fully testing it. Not like they haven't done that before
 