Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MS08-067 Worm Dangers - New Conficker variants manipulate AUTORUN.INF

The latest variants of Conficker have spread to over 3 million PCs and servers worldwide, using multiple techniques to reach vulnerable systems. The MS08-067 patch must be applied to help prevent infections, and removable media should be kept unplugged until needed for transferring information. Corporate security administrators should also ensure that network shares and passwords are properly locked down.

How Big is Downadup? Very Big.
http://www.f-secure.com/weblog/archives/00001580.html
http://www.f-secure.com/weblog/archives/00001579.html

QUOTE: Today's total infection count is an estimated 3,521,230 infections worldwide

Conficker's autorun and social engineering
http://isc.sans.org/diary.html?storyid=5695

Very Deceptive AUTORUN.INF tactics are used
http://www.f-secure.com/weblog/archives/00001575.html

QUOTE: F-Secure posted some interesting information about the number of infections which is almost certainly in millions (and who knows how many machines will stay infected as the owners will not even notice anything).  One of the reasons for infecting so many machines is that Conficker uses multiple infection vectors:

1. It exploits the MS08-067 vulnerability

2. It brute forces Administrator passwords on local networks and spreads through ADMIN$ shares

3. It infects removable devices and network shares by creating a special autorun.inf file and dropping its own DLL on the device.
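A defender's check for the third vector above, as an added example that is not from the original post or the sources it quotes: it parses an autorun.inf found at the root of a removable drive or share and lists the entries that would launch code, marking as "high" those that load a DLL. The function names, the severity labels, the DLL heuristic and the sample file contents are assumptions constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Heuristic (assumption of this example): the launch command loads a DLL.
DLL_LOADER = re.compile(r"rundll32|\.dll\b", re.I)

# Constructed sample: non-text padding around an [autorun] section.
SAMPLE = (
    b"\x8f\x02\xffpadding\r\n[AutoRun]\r\n; constructed comment\r\n"
    b"icon=folder.ico\r\nopen=setup.exe\r\n"
    b"ShellExecute = rundll32.exe placeholder.dll,Entry\r\n"
    b"\x00\x13more padding\r\n[Other]\r\nopen=ignored.exe\r\n"
)


def parse_autorun(raw: bytes) -> dict:
    """Return {key: value} for the [autorun] section, skipping junk lines."""
    # latin-1 never fails to decode, so padded or binary-laden files still parse.
    text = raw.decode("latin-1")
    entries, in_section = {}, False
    for line in re.split(r"[\r\n]+", text):
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def audit_autorun(raw: bytes) -> list:
    """List (severity, key, command) for every entry that launches code."""
    findings = []
    for key, value in parse_autorun(raw).items():
        if LAUNCH_KEY.match(key):
            severity = "high" if DLL_LOADER.search(value) else "review"
            findings.append((severity, key, value))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE):
        print(finding)
```

To audit real media, pass the bytes of the drive's autorun.inf to `audit_autorun` instead of `SAMPLE`.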

More on MS08-067 Worm developments
http://www.f-secure.com/weblog/archives/00001576.html

Techniques for disabling AUTORUN for USB plug-in devices
http://technet.microsoft.com/en-us/magazine/2008.01.securitywatch.aspx
http://support.microsoft.com/kb/953252
http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html

MS08-067 Conficker worm - F-Secure offers free removal tools
ftp://ftp.f-secure.com/anti-virus/tools/beta/fsmrt.zip
ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

PATCH NOW if there are any servers or PCs that need this critical update. Home users can use the Windows Update process. More information can be found at the link below:

MS08-067 Security Patch Information
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Comments

Deborah said:

I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.

Deborah

# January 15, 2009 8:21 PM

harvey said:

Our system has got the virus, and even after patching all machines running antivirus it still comes back.

I even reformatted a PC, patched and virus updated; within 6 hours of being back on our network the worm had infected the machine...

# February 11, 2009 4:52 AM