Author Topic: Worm/Conficker  (Read 21302 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33061
  • malware fighter
Re: Worm/Conficker
« Reply #1 on: January 17, 2009, 01:41:14 PM »
Hi Minacross,

The best way to be protected against this is to install the out of band Microsoft patch against the vulnerability through which computers are being infected with this. That means if you haven't already been infected. 30% of computers are still vulnerable because of lacking updates and this particular patch: http://www.microsoft.com/technet/security/bulletin/ms08-067.

The newer variants of the worm now infect in various ways, through Metasploit, via pen drives, autorun, etc. etc. whatever works will do.
Worm infection disables the MS update service, and the general view is the cybercriminals will use infected machines to form a giant bot net. So best advice: install the patch as quickly as you can.
Else run Microsoft's Malicious Software Removal Tool from a clean machine onto a USB stick: http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

I assume that avast is also protecting us here, but nevertheless get the MS patch as soon as you can,
whole armies and navies are being infected at the moment,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline ardvark

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1512
  • John 3:16 (I'm not an "avast! evangelist")
Re: Worm/Conficker
« Reply #2 on: January 17, 2009, 03:08:45 PM »
Quote
The best way to be protected against this is to install the out of band Microsoft patch against the vulnerability through which computers are being infected with this. That means if you haven't already been infected. 30% of computers are still vulnerable because of lacking updates and this particular patch: http://www.microsoft.com/technet/security/bulletin/ms08-067.

Hi Polonus...

The link you provided comes up "Page Not Found." However, I did a search and came up with these pages...

http://blogs.msdn.com/ie/archive/2008/12/17/ie-december-out-of-band-release.aspx

http://www.microsoft.com/technet/security/Bulletin/MS08-078.mspx

Is this what you were referring to? If so, I received this update via Windows Update last month. Also, did you get my reply to your PM? :)

May God Bless you!
« Last Edit: January 17, 2009, 03:12:52 PM by ardvark »

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: Worm/Conficker
« Reply #3 on: January 17, 2009, 03:34:12 PM »
Quote
I assume that avast is also protecting us here, but nevertheless get the MS patch as soon as you can,
whole armies and navies are being infected at the moment, 

Plus nannies and grannies  :'(
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline polonus

Re: Worm/Conficker
« Reply #4 on: January 17, 2009, 03:37:22 PM »
Hi ardvark,

Exactly, you are right. That is the out of band patch that everyone should have installed, and in case they have not yet, they have to apply this particular patch as soon as possible. It is mainly because of the expanded patch cycle of firm admins (3 month cycle is way tooooo looong!) that we have the disaster that we are experiencing at the moment. PM received, best wishes and stay healthy and full of confidence,

polonus

Offline ardvark

Re: Worm/Conficker
« Reply #5 on: January 17, 2009, 03:42:23 PM »
Quote
PM received, best wishes and stay healthy and full of confidence,

Hi Polonus...

Thank you, the Lord is bringing this about within me day by day! :)

The reason why I asked if you received my reply was that there was a question for you in it.

Best Regards...

Offline polonus

Re: Worm/Conficker
« Reply #6 on: January 17, 2009, 07:17:20 PM »
Hi malware fighters,

The Conficker (Downadup) worm is spreading very rapidly all over the Internet, at the moment a mere 10 million computers have been infected. That is thrice as much as only four days ago. There are various varieties of Conficker and only the most active one is being monitored. Only the spreading of infections via the MS08-067 hole has been mapped (see added picture). As mentioned earlier in this thread the worm is also spreading through network folders and pen drives, etc.

The real number may be many times higher, because the worm is also infecting Intranets, where hundreds of machines are sitting behind one IP-address. F-Secure is warning the situation is getting worse and worse. While Symantec has played down this number considerably and estimations there are adding up to 4 million PCs infected.

On the map you see that the worm is actively spreading in the country of origin, China, where the hole was first published "in error" by a security firm, and also South America. But the worm has made victims everywhere and also the Netherlands were hit, there a dozen firms and even some governmental institution had been infected,

polonus

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: Worm/Conficker
« Reply #7 on: January 17, 2009, 07:46:41 PM »
Our detection of Conficker worm and abilities to kick it out are really good (catching all valid samples which I've seen and having no known falses).

Offline YoKenny

Re: Worm/Conficker
« Reply #8 on: January 18, 2009, 01:24:08 AM »
Windows Defender has an update to detect and remove it:
http://www.microsoft.com/security/portal

Offline polonus

Re: Worm/Conficker
« Reply #9 on: January 18, 2009, 01:49:12 AM »
Hi Maxx_original,

I knew that avast was on top of this, because of the impact of it, and I am glad that you can reassure us here, good work should be appreciated, and it is,

pol