Members
Stats
  • Total Posts: 43375
  • Total Topics: 16477
  • Online today: 1730
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 0
Guests: 1539
Total: 1539









Author Topic: Protecting Against the Rampant Conficker (Kido, Downadup) Worm  (Read 6506 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Businesses worldwide are under attack from a highly infectious computer worm that has infected almost 9 million PCs, according to antivirus company F-Secure.

That number has more than tripled over the last four days alone, says F-Secure, leaping from 2.4 million to 8.9 million infected PCs. Once a machine is infected, the worm can download and install additional malware from attacker-controlled Web sites, according to the company. Since that could mean anything from a password stealer to remote control software, a Conflicker-infected PC is essentially under the complete control of the attackers.

According to the Internet Storm Center, which tracks virus infections and Internet attacks, Conficker can spread in three ways.

First, it attacks a vulnerability in the Microsoft Server service. Computers without the October patch can be remotely attacked and taken over.

Second, Conficker can attempt to guess or 'brute force' Administrator passwords used by local networks and spread through network shares.

And third, the worm infects removable devices and network shares with an autorun file that executes as soon as a USB drive or other infected device is connected to a victim PC.

Conficker and other worms are typically of most concern to businesses that don't regularly update the desktops and servers in their networks. Once one computer in a network is infected, it often has ready access to other vulnerable computers in that network and can spread rapidly.

Home computers, on the other hand, are usually protected by a firewall and are less at risk. However, a home network can suffer as well. For example, a laptop might pick up the worm from a company network and launch attacks at home.

The most critical and obvious protection is to make sure the Microsoft patch is applied: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx  Network administrators can also use a blocklist provided by F-Secure to try and stop the worm's attempts to connect to Web sites: http://www.f-secure.com/weblog/archives/00001582.html

And finally, you can disable Autorun so that a PC won't suffer automatic attack from an infected USB drive or other removable media when it's connected. The Internet Storm Center links to one method for doing so at http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html, but the instructions involve changing the Windows registry and should only be attempted by adminstrators or tech experts. Comments under those instructions also list other potential methods for disabling autorun.

(PC World)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi kodiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023