Early on Friday, January 16, 2009, the Finnish firm revised its estimate of the number of computers that had fallen victim to a new worm called Conficker (also known as Kido or Downadup).
The worm, which has surged dramatically over the past few days, exploits a bug in the Windows Server service present in all supported versions of Microsoft's operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008. It disables System Restore, blocks access to security websites, and downloads additional malware to infected machines. The worm uses a complicated algorithm that changes daily and is seeded with timestamps from public websites such as Google.com and Baidu.com. The algorithm generates many possible domain names every day: hundreds of names such as qimkwaify .ws, mphtfrxs .net, gxjofpj .ws, imctaef .cc and hcweu .org. This makes it impractical, if not impossible, to shut them all down, since most of them are never registered in the first place.
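As an added example (not part of the original alert or of any vendor tool), the Python sketch below shows how a defender can spot this behaviour in resolver logs: because most of the daily generated names are never registered, an infected host produces a burst of NXDOMAIN answers for random-looking labels. The log format, the sample lines and the thresholds are assumptions chosen for illustration.

```python
"""Flag hosts whose DNS queries look like a domain-generation algorithm at work.
Added example; the log format and thresholds are assumptions, not Conficker's real DGA."""
import math
from collections import defaultdict

# Constructed sample resolver log, one "<client> <queried name> <rcode>" per line.
# The first five names are the defanged examples quoted in the alert; the rest are made up.
SAMPLE_LOG = """\
10.0.0.5 qimkwaify.ws NXDOMAIN
10.0.0.5 mphtfrxs.net NXDOMAIN
10.0.0.5 gxjofpj.ws NXDOMAIN
10.0.0.5 imctaef.cc NXDOMAIN
10.0.0.5 hcweu.org NXDOMAIN
10.0.0.5 www.google.com NOERROR
10.0.0.7 www.microsoft.com NOERROR
10.0.0.7 update.microsoft.com NOERROR
10.0.0.7 gooogle.com NXDOMAIN
"""

def shannon_entropy(label: str) -> float:
    """Bits of entropy per character of a DNS label; random strings score high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_generated(name: str, min_entropy: float = 2.3, max_vowel_ratio: float = 0.45) -> bool:
    """Heuristic: the second-level label is high-entropy and hard to pronounce (few vowels).
    Thresholds are illustrative; tune them against your own baseline traffic."""
    labels = name.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    vowel_ratio = sum(label.count(v) for v in "aeiou") / len(label) if label else 0.0
    return shannon_entropy(label) >= min_entropy and vowel_ratio < max_vowel_ratio

def suspicious_hosts(log_text: str, min_hits: int = 3) -> dict:
    """Return {client: [names]} for clients with at least min_hits NXDOMAIN answers
    on generated-looking names; a single typo never trips the threshold."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        client, name, rcode = parts
        if rcode == "NXDOMAIN" and looks_generated(name):
            hits[client].append(name)
    return {c: names for c, names in hits.items() if len(names) >= min_hits}

if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE_LOG))
```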
Urgent advice: users are strongly recommended to ensure their antivirus databases are up to date. A patch for the Windows vulnerability is available from Microsoft: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx (Microsoft Security Bulletin MS08-067 – Critical: Vulnerability in Server Service Could Allow Remote Code Execution (958644)).
Sources/references of this outbreak alert and background information:
Kaspersky Lab
Guardian.co.uk
Microsoft
ThreatExpert
F-Secure
Symantec
NetworkWorld
DarkReading
Kaspersky Lab disinfection/removal tool: http://support.kaspersky.com/faq/?qid=208279973
Steps to take to ensure you are protected on April 1st against the Conficker worm:
1. Ensure that you are up to date with the latest Microsoft security patches; go to http://www.windowsupdate.com for more information.
2. Ensure that your anti-virus is up to date with the latest signatures. You can also visit http://www.symantec.com and http://www.mcafee.com for more information on detection and removal tools for the Conficker worm.
3. Ensure your passwords are complex: an eight-character password with uppercase, lowercase, numbers and special symbols, for example !@#$%^&*()-+.
4. If your company is already infected with the Conficker worm, contact SecureState immediately for incident response support.
5. Additional sites that may be of help: http://support.microsoft.com/kb/962007, http://vil.nai.com/vil/content/v_153464.htm, and http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml