Urgent User Awareness of Conficker/Downadup WORM | FerrariChat
Buy

Urgent User Awareness of Conficker/Downadup WORM

Discussion in 'Ferrari Discussion (not model specific)' started by MCABOSS, Mar 31, 2009.

This site may earn a commission from merchant affiliate links, including eBay, Amazon, Skimlinks, and others.

  1. MCABOSS

    MCABOSS Rookie

    Mar 13, 2009
    35
    Bremerton, WA
    #1 MCABOSS, Mar 31, 2009
    All,
    I've included some additional information regarding the Conficker worm
    detailed in the announcement below. This is a pretty scary attack
    considering what it's capable of accomplishing. I recommend if you haven't already done so, update your home computers, disable file sharing, update your virus signatures, and disable autorun. Tomorrow is April 1 and several sources say that the hardcoded D-Day attack is scheduled to execute on "April 1st".


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    *** Urgent User Awareness of Conficker/Downadup WORM ****
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    EVENT: ***Conficker/Downadup Worm***


    SITUATION:
    Conficker/Downadup worm that targets Microsoft Windows Systems not properly patched with MS08-067. This worm can be transferred by removable media, shared media.

    Once installed, Conficker implements a variety of behaviors as follows:

    - Implements logic to defend itself from security products that would
    attempt to remove and detect it.

    - Attempts to disable Windows Automatic Update and stops access to the
    Windows Security Center.

    - Detects and disables the SysInternals' Process Explorer program.

    - Interferes with the operation of a number of other search-and-destroy
    programs including WireShark and SysClean

    - Changes the Administrator passwords on local networks and spreads through ADMIN$ shares.

    - Infects removable devices and network shares by creating a special
    autorun.inf file and enables its own DLL on the device.


    ADVICE TO STAY SAFE AT HOME:
    - For MS Windows systems, ensure MS Security Patch MS08-067 is installed.
    Keep your computer updated with the latest patches and the latest virus
    definitions.

    - Maintain a strong security suite which includes: Virus program ,Firewall
    and Spam detection.

    - Do not use the "free" security scans that are available on many web sites.
    All too often, these are fake ads, using scare tactics to get you to
    purchase their "full" service. In many cases these scans are actually
    infecting your computer while running.

    - Turn off the "autorun" feature that automatically runs programs found on
    memory sticks and other USB devices. Do not share your passwords, change
    your passwords periodically, use complex passwords, and turn you computer
    off when not in use.

    - Always use caution when clicking links embedded in e-mails from unknown
    sources.


    http://www.microsoft.com/security/portal/Entry.aspx?Name=Win32/Conficker
    http://blogs.technet.com/msrc/archive/2009/02/12/conficker-activity-update.a
    spx

    Quote from Microsoft's Security Response Center:
    "Finally, we have announced a US$250,000 reward for information that results
    in the arrest and conviction of those responsible for illegally launching
    the Conficker worm. Individuals with information about the Conficker worm
    are encouraged to contact their international law enforcement agencies.
    Additionally, Microsoft has implemented an Antivirus Reward Hotline,
    1-425-706-1111, and an Antivirus Reward Mailbox, [email protected],
    where tips can be shared."
     

Share This Page