Tuesday, March 31, 2009

April 1st is coming: beware of the Conficker worm and impending doom.

via Ask The Admin by Karl L. Gechlik | AskTheAdmin.com on 3/31/09

Have you heard about the Conficker worm? It has been all over the media.

Before you even continue reading, make sure your Windows XP machine is patched up to Service Pack 3 and your Vista machines are at Service Pack 1. Now check out this information from the Symantec website:

The Conficker worm, sometimes called Downadup or Kido, has managed to infect a large number of computers. Specifics are hard to come by, but some researchers estimate that millions of computers have been infected with this threat since January. Current users of Symantec's Norton security products are protected. Users who lack protection are invited to download a trial version of Norton AntiVirus 2009, Norton Internet Security 2009 or Norton 360. All of these products will detect and remove this worm. Symantec has a detailed technical analysis of the threat here.

So even if Symantec is not being paid to protect your machine, they will still help you out with removing Conficker. This is just another variant of an older worm, and it is set to mutate again on the 1st.

We poked around the web a bit more and came across this on CNET:

Even worm creators write buggy software.

Once it infects a computer, the Conficker worm closes the hole in Windows that it used to get onto the system so no other malware can get in. This also makes it difficult for organizations to detect which computers have the legitimate Microsoft patch and which have the fake Conficker patch.


Wow! Isn't that nuts? They go on to say they have developed a prototype of a scanner that can pick up a Conficker infection. You can read the rest of that article here: http://news.cnet.com/8301-1009_3-10207375-83.html.

Good news if you are using OpenDNS or are in the government:

The U.S. Department of Homeland Security has released a Conficker detection tool for government agencies and state and local governments to use that was developed by US-CERT.

The OpenDNS security services provider blocks access to the domains listed in the Conficker code. Microsoft has more information on its site, as does Symantec. The Web site of the Conficker Working Group, which is composed of companies allied to combat Conficker, also has information and worm removal tools.

What does the Conficker worm do?

We don't know the purpose of the Conficker worm. Today the worm has created an infrastructure that the creators of the worm can use to remotely install software on infected machines. What will that software do? We don't know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.
The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware's creator. The worm then tries to spread itself to other computers on the same network.

How does the worm infect a computer?

The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

Who is at risk?

Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up-to-date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are most at risk, since pirated systems usually cannot get Microsoft updates and patches.

What to do if you are infected

Use your Norton product to identify which variant of the worm is on your computer.

Follow the detailed removal instructions for the specific version of the worm. These can be found here:
W32.Downadup.A writeup
W32.Downadup.B writeup
W32.Downadup.C writeup

Advice to Stay Safe from the Downadup Worm:

Run a good security suite (we are partial to Norton Internet Security and Norton 360).

Keep your computer updated with the latest patches. If you don't know how to do this, have someone help you set your system to update itself.

Don't use "free" security scans that pop up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their "full" service. In many cases these are actually infecting you while they run. There is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.

Turn off the "autorun" feature that will automatically run programs found on memory sticks and other USB devices.

Be smart with your passwords. This includes:

  1. Change your passwords periodically.
  2. Use complex passwords – no simple names or words; use special characters and numbers.
  3. Use a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.
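The CNET excerpt above makes the point that because the worm closes the MS08-067 hole itself, a machine that no longer looks vulnerable from the network is not necessarily one that has the real Microsoft patch; the installed-hotfix list on the host is the evidence that counts. The Symantec advice adds keeping updates on and turning autorun off for USB sticks. The script below is an added example written for this page, not code from AskTheAdmin, CNET or Symantec. It assumes PowerShell 2.0 or later on an XP SP3 or Vista SP1 machine, and that KB958644 is the hotfix identifier MS08-067 shipped under (a known association, not something stated on the page); the registry value `NoDriveTypeAutoRun` under the Explorer policy key is the documented switch for autorun.

```powershell
# Added example (not from the post or the vendors it quotes).
# Assumes PowerShell 2.0+ on Windows XP SP3 / Vista SP1, run as an administrator.
# KB958644 is the hotfix id for MS08-067 (known association, not on the page).

$Ms08067Kb      = 'KB958644'
$ExplorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Test-Ms08067Patch {
    # The worm patches the hole it came in through, so "not exploitable" is not
    # proof of patching. Only the hotfix inventory shows the genuine update.
    $fix = Get-HotFix | Where-Object { $_.HotFixID -eq $Ms08067Kb }
    return ($fix -ne $null)
}

function Test-AutorunDisabled {
    # 0xFF in NoDriveTypeAutoRun turns autorun off for every drive type,
    # which covers memory sticks and other USB devices.
    $prop = Get-ItemProperty -Path $ExplorerPolicy -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    return ($prop -ne $null -and $prop.NoDriveTypeAutoRun -eq 0xFF)
}

function Disable-Autorun {
    # Weak state: value absent or below 0xFF. Corrected state: 0xFF on all drives.
    if (-not (Test-Path $ExplorerPolicy)) {
        New-Item -Path $ExplorerPolicy -Force | Out-Null
    }
    Set-ItemProperty -Path $ExplorerPolicy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

function Test-UpdateServiceRunning {
    # Symantec's advice hinges on updates arriving; the worm is known for
    # switching security services off, so confirm Windows Update is alive.
    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    return ($svc -ne $null -and $svc.Status -eq 'Running')
}

# Report each check as OK / FAIL, then remediate the one that is safe to fix here.
$results = @(
    @('MS08-067 patch (KB958644) installed', (Test-Ms08067Patch)),
    @('Autorun disabled for all drive types', (Test-AutorunDisabled)),
    @('Windows Update service running',       (Test-UpdateServiceRunning))
)
foreach ($r in $results) {
    $state = if ($r[1]) { 'OK  ' } else { 'FAIL' }
    Write-Output ("[{0}] {1}" -f $state, $r[0])
}
if (-not (Test-AutorunDisabled)) {
    Disable-Autorun
    Write-Output 'Autorun has been disabled; log off and on again for Explorer to pick it up.'
}
```

A FAIL on the patch line means the host needs the genuine MS08-067 update from Windows Update regardless of what a network scan says; a FAIL on the update-service line on a machine that should be receiving updates is itself worth investigating before anything else, since the quoted Symantec text lists disabling security services as one of the worm's first actions.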


What are you doing to stay safe? Share it with us in the comments!

_TheDoTheWormAdmiN_
