Conficker

Discussion in 'Computer Corner' started by wildspirit97, Mar 31, 2009.

  1. wildspirit97

    wildspirit97 Senior Member

  2. glider

    glider Veteran Member

  3. STEVE07

    STEVE07 Well-Known Member Staff Member Super Moderators

    They had it on the news last night; some techies say it's a sham, but make sure your antivirus is updated and ON.
     
  4. wildspirit97

    wildspirit97 Senior Member

    My boss was telling me about seeing it on the news the other day, but I didn't think much of it. My computer is pretty secure but it still makes ya wonder.
     
  5. STEVE07

    STEVE07 Well-Known Member Staff Member Super Moderators

    The Norton site starts out "Protect yourself against Conficker." Maybe antivirus sales were down! :D
     
  6. glider

    glider Veteran Member

    From the McAfee web page that I use.


    Identifying and removing Conficker

    There’s been a lot of talk about how Conficker is going to create havoc on April 1. Conficker, formally named W32/Conficker.worm, began infecting systems at the end of 2008 by exploiting a vulnerability in Microsoft Windows. Since then McAfee has seen two more variants of this worm and many binaries – files ready to load into memory and execute – that carry the worm’s malicious payload. Conficker.C is the latest variant. Its “call-home protocol” will change on Wednesday, April 1, and may entail an update with some as-yet unknown functionality.



    McAfee already offers protection from the Conficker worm in its endpoint and network products, and Microsoft has issued a security patch for the vulnerability that the Conficker family has used to propagate. Yet many computer users continue to worry about infection. The information below will help you understand more about the worm, the steps you can take to clean an infected system, and measures to prevent reinfection.

    What is the Conficker worm?

    Conficker.C is the most recent variant of the Conficker worm. Exposure to Conficker.C is limited to systems that are still infected with the earlier variants, Conficker.A and Conficker.B, which operate by exploiting the MS08-067 vulnerability in Microsoft Windows Server Service. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Conficker combats efforts at eradication by creating scheduled tasks and/or using autorun.inf files to reactivate itself.

    McAfee has identified thousands of binaries that carry the Conficker payload. Depending on the specific variant, the worm may spread via LAN, WAN, web, or removable drives, and by exploiting weak passwords. Conficker disables several important system services and security products, and downloads arbitrary files. Computers infected with the worm become part of an “army” of compromised computers and could be used to launch attacks on websites, distribute spam, host phishing websites, or carry out other malicious activities.

    How to tell if your system is infected

    Symptoms of Conficker infection include the following:

    • Access to security-related sites is blocked
    • Users are locked out of the directory
    • Traffic is sent through port 445 on non-Directory Service (DS) servers
    • Access to administrator shared drives is denied
    • Autorun.inf files are placed in the recycled directory, or trash bin

    Steps to remove Conficker and prevent re-infection

    We recommend customers take the following steps to remove W32/Conficker.worm and prevent it from spreading:

    1. Install Microsoft Security Update MS08-067: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
    2. Clean the infected systems, and reboot
      Use anti-malware solutions such as McAfee VirusScan Plus or ToPS for Endpoint to clean the infection. Use behavioral detection techniques like the buffer overflow protection in Host IPS to prevent future infections. This is important because Conficker can propagate via portable media such as infected USB drives. As the media are accessed, the system processes autorun.inf and executes the attack. For more information, read McAfee Avert Labs’ document “Combating Conficker Worm.”
    3. Identify other systems at risk of infection
      You need to identify which systems are at risk. The list includes systems that either are not patched against Microsoft vulnerability MS08-067 or do not have proactive protection controls to mitigate the vulnerability. McAfee Vulnerability Manager and ePolicy Orchestrator can identify systems that are vulnerable and not protected.
    4. Limit the threat’s ability to propagate
      Using network IPS at strategic points in your network will quickly limit the ability of the threat to spread. This gives you time to either update your client anti-virus signatures or modify policies to block the threat using the behavioral controls.
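
    A check for the autorun.inf symptom listed in the quoted advisory, as an added example that is not part of the original post or of any McAfee tool: it walks a drive root and reports autorun.inf files stored in a recycle-bin directory. Flagging launch commands that point into such a directory goes beyond the listed symptom and is an assumption, as are the folder names, the function names and the constructed sample files.

```python
import os
import re
import tempfile

RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}  # Windows recycle-bin folder names
# autorun.inf keys that launch a program when the media is opened
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_commands(text):
    """Return [(key, command)] from the [autorun] section, skipping junk lines."""
    found, in_section = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()):
                found.append((key.strip().lower(), value.strip()))
    return found

def mentions_recycle_dir(text):
    """True if any path component in text is a recycle-bin folder name."""
    return any(p in RECYCLE_DIRS for p in re.split(r'[\\/\s"]+', text.lower()))

def scan(root):
    """Walk root; report autorun.inf files stored in, or launching from, a recycle bin."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower() == "autorun.inf"):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if set(rel.lower().split(os.sep)) & RECYCLE_DIRS:
                findings.append((rel, "autorun.inf stored in recycle directory"))
            with open(full, encoding="latin-1") as fh:  # latin-1 never fails to decode
                for key, cmd in launch_commands(fh.read()):
                    if mentions_recycle_dir(cmd):
                        findings.append((rel, f"{key} launches from recycle directory"))
    return findings

def demo():
    """Scan a constructed sample drive layout (not real malware artifacts)."""
    bin_dir = os.path.join("RECYCLER", "S-0-0-0")
    samples = {
        "autorun.inf": "junk\x00\n[AutoRun]\nOpen=rundll32.exe RECYCLER\\S-0-0-0\\sample.dll,Entry\n",
        os.path.join(bin_dir, "AUTORUN.INF"): "[autorun]\nicon=x.ico\n",
        os.path.join("cd", "autorun.inf"): "[autorun]\nopen=setup.exe\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="latin-1") as fh:
                fh.write(body)
        return sorted(scan(root))
```

    Point `scan()` at the root of a mounted removable drive; a hit is a lead to follow up with a full anti-malware scan, not a verdict.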
     
  7. Truffle

    Truffle Member

    Antivirus vendors will always tell you there is a problem even when there is not. As for not being able to go to any of the antivirus vendors' websites, most viruses/worms/trojans nowadays disable that ability, not just this one that the news is spreading around like wildfire, saying it's going to be worse than Y2K (which was not a virus but a programming error).

    It's likely that there really is a virus/worm/trojan out there called Conficker, but just as with many of the other ones that have come out over the years on 4/1/??, it probably just hijacks your browser, forcing you to one website or another, or just randomly plays with your DNS routings, taking you to random websites.

    Just download one of the many free antivirus and antimalware apps and scan your system and you should be fine.

    Just remember that the media gets paid to sell news; they are not a public service, so they don't really care if it's true or not. If it sounds good and they can get someone to say it's true or could be true, they will scare you into watching/reading it.

    I remember reading a thread the other day that pointed out a few nice free apps that work well; give them a look over.

    :bigsmiley12:
     
  8. GONZO

    GONZO Member

    Truffle,
    Good advice there - if nothing else, this is a wake-up call for those that are continually putting off updates.

    IMHO Get a good program for antivirus and keep it updated! (Many good ones are totally free)
     
  9. bwalsh22

    bwalsh22 Junior Member

    The companies are getting better at protecting against these. This one could have been a nasty one, but the virus companies did a great job protecting the computers. In general, keep your virus protection up to date, else you will get hit with worms like these and spyware that just slows your machine down or sends lots of wonderful spam when you are not on it. Keep your computers safe!
     
  10. bwalsh22

    bwalsh22 Junior Member

    I knew that was coming at some point. :newsmile100: