|
Vexing computer worm to evolve on April Fool's Day
Vexing computer worm to evolve on April Fool's Day
Mar 29 03:15 AM US/Eastern A tenacious computer worm which has wriggled its way onto machines worldwide is set to evolve on April Fool's Day, becoming harder to exterminate but not expected to wreak havoc. A task force assembled by Microsoft has been working to stamp out the worm, referred to as Conficker or DownAdUP, and the US software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat. The worm is programmed to modify itself on Wednesday to become harder to stop, according to Trend Micro threat researcher Paul Ferguson, who is part of the Conficker task force. "There is no evidence of it going into attack mode or dropping any particular payload on April 1st," Ferguson said in an interview. "What people controlling the botnet are doing is building in survivability because of efforts by the good guys to lessen the harm of this thing." The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows RPC Server Service. http://www.breitbart.com/article.php...show_article=1 Pricks. |
This virus spreads by infecting unpatched computers.
If you don't do so already. Please run windows update and let it install all critical updates. Manually update your antivirus. More information and tips can be found here: http://windowssecrets.com/2009/03/30...before-April-1 |
Thanks nline.
|
I personally believe its all hype... conficker has already been thru a couple of trigger dates and it they were all a non-event. Not to say that computers don't need to be up-to-date. All machines need to be running an up-to-date OS, be it OS X, Windows, Linux, Solaris, *BSD, etc...
|
-----Original Message-----
From: CERT Advisory [mailto:cert-advisory@cert.org] Sent: Sunday, March 29, 2009 8:37 PM To: cert-advisory@cert.org Subject: US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA09-088A Conficker Worm Targets Microsoft Windows Systems Original release date: March 29, 2009 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows Overview US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067. I. Description The presence of a Conficker infection may be detected if a user is unable to surf to the following websites: * http://www.symantec.com/norton/theme...conficker_worm * http://www.mcafee.com If a user is unable to reach either of these websites, a Conficker infection may be indicated (the most current variant of Conficker interferes with queries for these sites, preventing a user from visiting them). If a Conficker infection is suspected, the infected system should be removed from the network. Major anti-virus vendors and Microsoft have released several free tools that can verify the presence of a Conficker infection and remove the worm. Instructions for manually removing a Conficker infection from a system have been published by Microsoft in http://support.microsoft.com/kb/962007. II. Impact A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. III. Solution US-CERT encourages users to prevent a Conficker infection by ensuring all systems have the MS08-067 patch (part of Security Update KB958644, which was published by Miscrosoft in October 2008), disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining up-to-date anti-virus software. IV. References * Virus alert about the Win32/Conficker.B worm - * Microsoft Security Bulletin MS08-067 - Critical - * Microsoft Windows Does Not Disable AutoRun Properly - * MS08-067: Vulnerability in Server service could allow remote code execution - * The Conficker Worm - * W32/Conficker.worm - __________________________________________________ __________________ The most recent version of this document can be found at: __________________________________________________ __________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA09-088A Feedback VU#827267" in the subject. __________________________________________________ __________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . __________________________________________________ __________________ Produced 2009 by US-CERT, a government organization. Terms of use: __________________________________________________ __________________ Revision History March 29, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSdAg4XIHljM+H4irAQJ16Af9G3xHegmJB2Nx9u6J3k l8un/2Tz5J40sr DW/GTU0rvHtXDg/2Xs3Gv2IHYWqBRWG6HjZ1FbuTWbBqHvlWk0QVrjeeihNeXElP hp+ZRN6y+tHDCPRz1XT2YLE3zDldLv4v2c9YmsIEVdICiQZYe6 Y/ECKNDWXcUzNt EweRdI6/ZsAnyfZU24TxESH0L2/vQ4Qb3bRReCcVK4SWhno4cewsiiM5eAXs2EOP VcSH6UnEE2V/841IHcCV9i5NM7aO2VDvh1lolsr/HvpWROThKslLX/FO2nIdA78d ktvdaddRdHhJAWOkErlT8cj3nGXj0g2H1HQcDK8Nua/gEc2zOfog/Q== =sk7E -----END PGP SIGNATURE----- |
Quote:
|
| All times are GMT +1. The time now is 10:01 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0 PL2