|
Posted by Shenan Stanley on January 21, 2009, 3:24 pm
If you were Registered and logged in, you could reply and use other advanced thread options
~BD~ wrote:
> Quote (BBC) :-
> "Experts are warning that hackers have yet to activate the payload
> of the Conficker virus.
>
> The worm is spreading through low security networks, memory sticks,
> and PCs without current security updates.
>
> The malicious program - also known as Downadup or Kido - was first
> discovered in October 2008.
>
> Although the spread of the worm appears to be levelling off, there
> are fears someone could easily take control of any and all of the
> 9.5m infected PCs".
>
> Ref: http://news.bbc.co.uk/2/hi/technology/7832652.stm
Something requested to be made public - slightly modified by me for
wording...
Reference material:
MS08-067
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
Malicious Software Removal tool
http://www.microsoft.com/security/malwareremove/default.mspx
History: Win32/Conficker.B
http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.B
Though systems which have already applied the out-of-band released
MS08-067 (http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx)
in October 2008 are protected, unpatched system users have
experienced system lockout and other problems.
Last week, a version of the Malicious Software Removal tool
(http://www.microsoft.com/security/malwareremove/default.mspx)
(MSRT) was released that can help remove variants of
Win32/Conficker and other resources.
Some Background:
Win32/Conficker.B
(http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.B)
exploits a vulnerability in the Windows Server service (SVCHOST.EXE)
for Windows 2000, Windows XP, Windows Vista, Windows Server 2003,
and Windows 2008. While Microsoft addressed this issue in October
with Microsoft Security Bulletin MS08-67
(http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx),
and Forefront antivirus and OneCare (as well as other vendor's anti-virus
products) helped protect against infections, many systems that have not
been patched manually through Server Update Services and
Microsoft/Windows Update or through Automatic Updates have recently
come under attack by this worm. Attacked systems may lock out users,
disable update services and block access to security-related Web sites.
In response to this threat, Microsoft has:
* Updated the January version of the MSRT to detect and remove
variants of Win32/Conficker.B. You can download this version from the
MSRT from either the Microsoft Update site
(http://www.update.microsoft.com/) or through its associated
Knowledge Base article (http://support.microsoft.com/kb/890830).
* Created the KB article 962007 "Virus alert about the Win32/Conficker.B
worm (http://support.microsoft.com/kb/962007)" to provide public details
on the symptoms and removal methods available to address this issue.
* Announced the release of the items and the virus threat itself on
the Microsoft Malware Protection Center blog
(http://blogs.technet.com/mmpc/archive/2009/01/13/msrt-released-today-addressing-conficker-and-banload.aspx).
It is hoped that these resources can assist you in resolving issues with
unpatched, infected systems and that you can apply MS08-067
(http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx) to
any other unpatched systems as soon as possible to avoid this threat.
--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map