Experts are warning that hackers have yet to activate the payload of the Conficker virus.

Discussion in 'Security Software' started by ~BD~, Jan 21, 2009.

  1. ~BD~

    ~BD~ Guest

    Quote (BBC) :-
    "Experts are warning that hackers have yet to activate the payload of
    the Conficker virus.

    The worm is spreading through low security networks, memory sticks, and
    PCs without current security updates.

    The malicious program - also known as Downadup or Kido - was first
    discovered in October 2008.

    Although the spread of the worm appears to be levelling off, there are
    fears someone could easily take control of any and all of the 9.5m
    infected PCs".

    Ref: http://news.bbc.co.uk/2/hi/technology/7832652.stm
     
    ~BD~, Jan 21, 2009
    #1

  2. Something requested to be made public - slightly modified by me for
    wording...

    Reference material:

    MS08-067
    http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
    Malicious Software Removal tool
    http://www.microsoft.com/security/malwareremove/default.mspx
    History: Win32/Conficker.B
    http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.B


    Though systems which have already applied the out-of-band released
    MS08-067 (http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx)
    in October 2008 are protected, unpatched system users have
    experienced system lockout and other problems.

    Last week, a version of the Malicious Software Removal tool
    (http://www.microsoft.com/security/malwareremove/default.mspx)
    (MSRT) was released that can help remove variants of
    Win32/Conficker and other resources.


    Some Background:

    Win32/Conficker.B
    (http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.B)
    exploits a vulnerability in the Windows Server service (SVCHOST.EXE)
    for Windows 2000, Windows XP, Windows Vista, Windows Server 2003,
    and Windows 2008. While Microsoft addressed this issue in October
    with Microsoft Security Bulletin MS08-067
    (http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx),
    and Forefront antivirus and OneCare (as well as other vendors' anti-virus
    products) helped protect against infections, many systems that have not
    been patched manually through Server Update Services and
    Microsoft/Windows Update or through Automatic Updates have recently
    come under attack by this worm. Attacked systems may lock out users,
    disable update services and block access to security-related Web sites.


    In response to this threat, Microsoft has:

    * Updated the January version of the MSRT to detect and remove
    variants of Win32/Conficker.B. You can download this version of the
    MSRT from either the Microsoft Update site
    (http://www.update.microsoft.com/) or through its associated
    Knowledge Base article (http://support.microsoft.com/kb/890830).

    * Created the KB article 962007 "Virus alert about the Win32/Conficker.B
    worm (http://support.microsoft.com/kb/962007)" to provide public details
    on the symptoms and removal methods available to address this issue.

    * Announced the release of the items and the virus threat itself on
    the Microsoft Malware Protection Center blog
    (http://blogs.technet.com/mmpc/archive/2009/01/13/msrt-released-today-addressing-conficker-and-banload.aspx).

    It is hoped that these resources can assist you in resolving issues with
    unpatched, infected systems and that you can apply MS08-067
    (http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx) to
    any other unpatched systems as soon as possible to avoid this threat.
     
    Shenan Stanley, Jan 21, 2009
    #2