Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42866
  • Total Topics: 16075
  • Online Today: 1580
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Author Topic: Conficker Worm Still atack on Windows Systems (Win32/Conficker.A, W32.Downadup)  (Read 3913 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Big risk for unpatched systems

Users of Windows Server service that haven't patched a previously disclosed worm hole (MS08-067) are taking a big risk. More and more enterprises continue to get hit by a Conficker worm variant, according to Roger Halbheer, chief security adviser for Microsoft's Europe, Middle East, and Africa Group, in a blog post on Wednesday.

Microsoft on Tuesday released its January security update. However, the company is still trying to get Windows pros to fix an issue that first appeared as an out-of-band bulletin back in October. That patch was supposed to take care of a remote code execution (RCE) exploit in remote procedure call requests (RPC) that could affect a whole network if harnessed by hackers.

These stepped-up warnings from Microsoft come after independent ITSec shop Panda Security said in several reports that Windows users haven't seen the last of the RCE exploit. Both Panda and Symantec officials have said they've seen increased attacks, as well as a growth in malware, deriving from Conficker attacks.

In cases where the security patch hasn't been applied, Conficker-type bugs can ding Windows-based PCs with malicious RPC packets. Specifically, the bug allows corrupt subroutines on a network to be executed automatically. The worm can affect Windows 2000, XP and Vista operating systems, as well as Windows Servers 2003 and 2008.

Because this month's patch cycle was so thin, now might be the moment to look seriously at the October fix, experts say.

"For administrators who failed to patch the RPC vulnerability that was reported back in October 2008, this is the best time to go back and patch the issue," said Paul Henry, security and forensic analyst for endpoint security outfit Lumension. "Security experts are starting to see new variants appearing in the wild for this. We're seeing more widespread use of the vulnerability today than we did back in October."

The fact that so many Windows systems seem to be at risk raises questions about security patch turnaround times in the enterprise. A Qualys survey found that more than 50 percent of machines get patched after approximately 30 days.

"After that period, we see the patch rates go down and the overall number of machines that are attackable only slowly diminishing," said Wolfgang Kandek, chief technology officer of Qualys Inc. "Unfortunately this leaves enough machines to be exploited by the "Conficker" worm types even today, over 45 days later."

Kandek sees a general lack of alarm among IT pros.

"We would have liked to see a faster reaction by the computer users given the significance of the patch but there still seems to be a barrier to reach everybody and make them understand the urgency of patching."

Jabulani Leffall

(Enterprise Systems)


Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising