Conficker Virus. Latest threat to Windows.

Abarbarian

Wednesday, January 21, 2009 12:28 AM dbottjer Malicious Software Removal Tool Update (Win32/Conficker.b)


I received the following information from my MVP Lead Suzanna. She asked that we pass it on to help reduce infections.

Malicious Software Removal Tool

History: Win32/Conficker.B

Abstract:

Based on feedback from MVPs and other sources, we are concerned about the rise in reported infections due to the worm Win32/Conficker.B, also known as “Downadup.” Though systems which have already applied the out-of-band released MS08-067 in October 2008 are protected, unpatched system users have experienced system lockout and other problems.
Last week, we released a version of the Malicious Software Removal Tool (MSRT) that can help remove variants of Win32/Conficker and other resources. Please share this information in your communities to help address this threat.

http://drowningintechnicaldebt.com/...re-removal-tool-update-win32-conficker-b.aspx

Seems pretty bad this one. I read about it here. So take care, folks.

http://uk.news.yahoo.com/5/20090119/tuk-computer-worm-goes-out-of-control-45dbed5.html

Why it should be sweeping through the Ministry of Defence is a mystery to me. Guess our military is as useless at security as our government. Makes you ashamed to be British.

"Experts say the worm has "skyrocketed" in recent days.

It is sweeping through thousands of offices in the UK and has affected computers at the Ministry of Defence."

:mad:
 

Taffycat

It has also hit 5 Sheffield hospitals too. Apparently, they disabled auto virus updates, due to PCs re-starting during operations. Story here

The patch was available last October, so looks like there are still lots of un-patched PCs out there.
 

nivrip

Is this an MS patch you're referring to or something completely different?
 

Taffycat

nivrip said:
Is this an MS patch you're referring to or something completely different?

Sorry Niv, I should have said, it's a Microsoft patch (KB958644). :nod:
 

Electronics & Photo Fan

Just found this: On BBC News:

"Even having the Windows patch won't keep you safe"
Graham Cluley
Sophos

If it brute-forces the administrator password, then a patch isn't going to help with that aspect as all the worm is doing is attempting to correctly guess the password by trying lots of combinations of words/letters and retrying again and again.

From what I am hearing, the point of the patch is that it makes it possible for anti-malware software to detect the worm, as the worm is constantly changing form and its filenames.
 

Taffycat

There is information for keeping your PC free of this worm and also a guide to its removal, by Woody Leonhard of "Windows Secrets." Link
 

APK

IF you have NOT patched yourself vs. this machination? You CAN stop/stall it from attacking you by simply disabling the SERVER service (via Start-> Run -> Services.msc) & set that service's startup type to DISABLED.

(Yes, you CAN do w/out the server service IF you are NOT part of a home or work LAN/WAN, that requires that shared disks/folders/files & Printers exist that others must access etc. et al)

Also - watching it with your usage of javascript helps also (here is where Opera's native features for disabling javascript GLOBALLY, via tools menu, helps... &, via rightclick on a webpage to enable it for sites you DO need it on to use them - NoScript for FireFox users is THEIR option here).

APK

P.S.=> Additionally? Adding blocking IP addresses into your own local HOSTS file (typically located in %WinDir%\system32\drivers\etc) for the "command & control" servers this worm uses is NOT a bad idea, but, I'd have to list those for you here... ask, if you need them & wish to do that added layer of security vs. this worm, OR, just look here for its specifics/mechanics -> http://mtc.sri.com/Conficker/ ... apk
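
The checks discussed in this thread (the KB958644 patch, the Server service, and blocking entries in the HOSTS file) can be audited in one pass. The script below is an added example, not part of any post above; the function names are hypothetical, and it assumes PowerShell 3.0 or later and that the "Server" service has the internal name LanmanServer.

```powershell
# Added example: report the state of the mitigations mentioned in this thread.
function Get-ConfickerMitigationStatus {
    [CmdletBinding()]
    param(
        [string]$HotFixId  = 'KB958644',   # patch named in the thread (MS08-067)
        [string]$HostsPath = (Join-Path $env:WinDir 'system32\drivers\etc\hosts')
    )

    # Get-HotFix only lists updates recorded in Win32_QuickFixEngineering, so a
    # miss on a Windows release newer than the patch does not by itself mean
    # the host is vulnerable.
    $patch = Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue

    # "Server" is the display name; LanmanServer is the service name.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='LanmanServer'"

    # Collect HOSTS entries that sink a name to 0.0.0.0 or 127.0.0.1,
    # ignoring comments and the stock localhost line.
    $blocked = @()
    if (Test-Path -LiteralPath $HostsPath) {
        $blocked = @(Get-Content -LiteralPath $HostsPath |
            ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
            Where-Object {
                $_ -match '^(0\.0\.0\.0|127\.0\.0\.1)\s+(\S+)' -and
                $Matches[2] -ne 'localhost'
            })
    }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        PatchInstalled     = [bool]$patch
        ServerStartMode    = if ($svc) { $svc.StartMode } else { 'NotPresent' }
        ServerState        = if ($svc) { $svc.State } else { 'NotPresent' }
        HostsBlockingCount = $blocked.Count
    }
}

# Stop the Server service and set it to Disabled, as the post describes doing
# through Services.msc. This removes file and printer sharing from the machine.
function Disable-ServerService {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('LanmanServer', 'Stop and disable')) {
        Stop-Service -Name LanmanServer -Force
        Set-Service  -Name LanmanServer -StartupType Disabled
    }
}

Get-ConfickerMitigationStatus
```

Run `Disable-ServerService -WhatIf` from an elevated prompt first to preview the change before applying it.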
 

muckshifter

I don't have a password

Better not tell Vista users they have a "super" administrators account that, doesn't have a password.





oh, if you do set one, look at how strong it isn't ...

http://www.microsoft.com/protect/yourself/password/checker.mspx


:wave:
 

APK

I don't know if you guys have seen this, or not, but...

The Conficker "Eye Chart":

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

There, IF you can see all 6 photos? You are NOT infested by "conficker"...

APK

P.S.=> Of course, there IS the opposite, where if you cannot see any of those photographs, you probably HAVE "conficker" & need to clean yourself of it... enjoy! apk
 

APK

A REMOVAL TOOL FOR CONFICKER (in case you need it)

Per the "P.S." section @ the bottom of my last posting, just above this one?

http://www.sophos.com/products/free-tools/conficker-removal-tool.html

There's the removal tool to use (there are others though) to clean yourself of Conficker (also known as Downadup)... in case you cannot see all the photos in the "conficker eye chart test" I pointed out above.

APK

P.S.=> Sorry for omitting that in my last post folks, was in a hurry (New Year & all that)... apk
 
