Conficker

In January 2009 several news blogs reported it as one of the most dangerous worms of the past few years, with almost ten million infections (F-Secure's estimate) since it surfaced in October 2008.
Even several Dutch government agencies got infected. Like most viruses and worms, Conficker spreads through the network, but also via USB sticks (Conficker.B drops an autorun.inf on removable drives).

How Conficker works
The Conficker worm targets Windows. It exploits a vulnerability in the Windows Server service (MS08-067, affecting Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008 and Windows 7) that Microsoft had already patched in October 2008. Once it is on a machine, Conficker disables Windows Update, Windows Security Center, Windows Defender and Windows Error Reporting.

The worm gets onto a target by sending a specially crafted Remote Procedure Call (RPC) request to the Server service (TCP port 445) that triggers the vulnerability and runs its shellcode; that shellcode then fetches a copy of the worm from the attacking machine. The newly infected machine then contacts web servers whose names it generates from the current date (250 per day in the early variants) to receive further instructions, which may include propagating, gathering personal information, and downloading and installing additional malware. The worm also injects itself into important Windows processes (such as svchost.exe, explorer.exe and services.exe) so that it keeps running and is hard to remove.

What will happen on the first of April (the day the newest variant, Conficker.C, switches to generating a much larger set of daily domain names) is yet to be seen; F-Secure is on high alert while Symantec is rather relaxed.

Frequently used aliases:
  • Worm:Win32/Conficker.A
  • Crypt.AVL
  • Mal/Conficker-A
  • Trojan.Win32.Pakes.lxf
  • W32.Downadup
  • Worm:Win32/Conficker.B
  • WORM_DOWNAD.A

Symptoms
  • The worm will identify and attempt to shut down antivirus software
  • User accounts being locked out (a side effect of the password guessing below)
  • Windows Update, Defender and error reporting being automatically disabled
  • Domain controllers respond slowly to client requests
  • The network gets unusually congested
  • Brute-force dictionary attack against administrator passwords of other machines on the network (via their ADMIN$ share)
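The last three symptoms all come from the same behaviour: one infected host hammers the ADMIN$ share of every machine it can reach with a small dictionary of weak passwords, which shows up on the domain controller as a burst of failed logons against many different accounts, all from one source, followed by lockouts. The script below is an added example (not from the original post or from any vendor) that runs that detection over a few constructed Security-log lines; the log format, hostnames and accounts are made up for the example, and the thresholds are assumptions to tune for your own domain.

```python
"""Flag source hosts that look like they are brute-forcing accounts.

Failed-logon event IDs are 529 on Windows XP/2003 and 4625 on Vista/2008
and later; account lockouts are 644 and 4740 respectively. A Conficker
host produces many failures against many distinct accounts in seconds.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = {529, 4625}
ACCOUNT_LOCKOUT = {644, 4740}

# Constructed sample log: "timestamp,event_id,target_account,source_host".
# Not real data; WS-017 plays the infected machine, WS-042 a user who
# simply mistyped a password twice.
SAMPLE_LOG = """\
2009-03-28T09:00:01,4625,Administrator,WS-017
2009-03-28T09:00:02,4625,Administrator,WS-017
2009-03-28T09:00:02,4625,admin,WS-017
2009-03-28T09:00:03,4625,backup,WS-017
2009-03-28T09:00:03,4625,j.jansen,WS-017
2009-03-28T09:00:04,4625,p.devries,WS-017
2009-03-28T09:00:05,4740,j.jansen,WS-017
2009-03-28T09:00:06,4625,Administrator,WS-017
2009-03-28T09:01:30,4625,m.bakker,WS-042
2009-03-28T09:15:00,4625,m.bakker,WS-042
2009-03-28T10:00:00,4624,m.bakker,WS-042
"""


def parse_events(text):
    """Turn the CSV-like lines into (timestamp, event_id, account, host)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, account, host = line.split(",")
        events.append((datetime.fromisoformat(ts), int(eid), account, host))
    return events


def find_bruteforcers(events, window=timedelta(seconds=60),
                      min_failures=5, min_accounts=3):
    """Return {host: {"failures", "accounts", "lockouts"}} for every source
    host that either caused an account lockout or produced at least
    `min_failures` failed logons against `min_accounts` distinct accounts
    within any `window` (assumed thresholds, not from the worm's code)."""
    by_host = defaultdict(list)
    for ts, eid, account, host in events:
        if eid in FAILED_LOGON or eid in ACCOUNT_LOCKOUT:
            by_host[host].append((ts, eid, account))

    suspects = {}
    for host, evs in by_host.items():
        evs.sort()
        lockouts = sum(1 for _, eid, _ in evs if eid in ACCOUNT_LOCKOUT)
        failures = [(ts, acct) for ts, eid, acct in evs if eid in FAILED_LOGON]
        flagged = lockouts > 0
        best_count, best_accounts = 0, set()
        start = 0
        # Sliding window over the time-sorted failed logons.
        for end in range(len(failures)):
            while failures[end][0] - failures[start][0] > window:
                start += 1
            chunk = failures[start:end + 1]
            accounts = {acct for _, acct in chunk}
            if len(chunk) >= min_failures and len(accounts) >= min_accounts:
                flagged = True
            if len(chunk) > best_count:
                best_count, best_accounts = len(chunk), accounts
        if flagged:
            suspects[host] = {"failures": best_count,
                              "accounts": sorted(best_accounts),
                              "lockouts": lockouts}
    return suspects


if __name__ == "__main__":
    for host, info in find_bruteforcers(parse_events(SAMPLE_LOG)).items():
        print(f"{host}: {info['failures']} failed logons against "
              f"{len(info['accounts'])} accounts, {info['lockouts']} lockout(s)")
```

On a real domain controller you would feed it the exported Security log (the source host is the "Workstation Name" or "Caller Computer Name" field) and then go and look at the flagged machine rather than at the locked-out users; resetting the accounts does nothing while the source is still infected.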
Solutions
  • Removal tool made by ESET and SpicyLemon (former ESET Netherlands)
  • Windows patch MS08-067 (simply select your OS and run the update)
  • Removal tool made by Symantec (Norton)
  • Easy site to see whether you are infected or not.

It is recommended that you run the removal tool several times before, on and after the 31st of March.
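The "am I infected" sites work on a simple principle: Conficker.B and later variants block DNS lookups for hostnames that contain security-vendor names (symantec, f-secure, microsoft, and so on), so an infected machine can still reach ordinary websites but not the vendors' download pages. The following is an added example (not the code of any of those sites) of the same check done locally; the vendor and control hostnames are illustrative choices, and the classification thresholds are an assumption.

```python
"""Local version of the 'infected or not' check: resolve a few security
vendor hostnames and a few unrelated control hostnames, then compare.

Assumed behaviour: Conficker blocks resolution of the vendor names but
leaves everything else alone, so 'controls resolve, vendors do not' is
the tell-tale pattern.
"""
import socket

# Illustrative lists; a real check should use the exact hostnames of the
# vendors' update and download pages.
VENDOR_HOSTS = ["www.symantec.com", "www.f-secure.com",
                "www.eset.com", "www.microsoft.com"]
CONTROL_HOSTS = ["www.google.com", "www.wikipedia.org", "www.nu.nl"]


def resolves(hostname, resolver=socket.gethostbyname):
    """True if the hostname resolves; the resolver is injectable so the
    logic can be exercised without network access."""
    try:
        resolver(hostname)
        return True
    except OSError:
        return False


def classify(vendor_ok, control_ok):
    """vendor_ok / control_ok map hostname -> bool (resolved or not)."""
    if not any(control_ok.values()):
        return "no-network"            # nothing resolves: cannot tell
    if all(vendor_ok.values()):
        return "clean"                 # vendors reachable like everything else
    if not any(vendor_ok.values()):
        return "likely-infected"       # only the vendor names are blocked
    return "inconclusive"              # partial blocking: look closer


def run_check(resolver=socket.gethostbyname):
    vendor_ok = {h: resolves(h, resolver) for h in VENDOR_HOSTS}
    control_ok = {h: resolves(h, resolver) for h in CONTROL_HOSTS}
    return classify(vendor_ok, control_ok), vendor_ok, control_ok


if __name__ == "__main__":
    verdict, vendors, controls = run_check()
    for host, ok in {**vendors, **controls}.items():
        print(f"{'ok ' if ok else 'FAIL'} {host}")
    print("verdict:", verdict)
```

A "likely-infected" verdict only tells you the resolver is being tampered with, not which variant you have; the removal tools above are still the next step, and the check is worth repeating after cleaning because a re-infection from the network will block the same names again.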

More info at webwereld.nl, wikipedia.org, helpdesk.nod32.nl, symantec.com

Yours truly
-Yuu Tency
