
Deadline Approaches for Conficker (Downadup) Worm


Corrine

It is estimated that there are well over a million Windows PCs currently infected with Conficker. As illustrated in code at the CA Security Advisor Research Blog, on April 1, 2009, the infected machines will attempt to generate 50,000 URLs daily to download an additional component with new instructions. Think globally and realize that April 1 will arrive earlier in other parts of the world than Europe, U.S., Canada and even Australia. Ensure that Security Bulletin MS08-067 is installed on your computer. For other preventative steps, see Time is of the essence.


Thanks for the link, Striker. Excellent article by Susan Bradley. A paragraph in particular merits noting:

The instructions to disable AutoRun in last week's article worked fine in Vista Home and Vista Business, where the Registry key is where Microsoft said. The instructions also worked in XP Professional, which includes the Group Policy Editor and automatically operates on the correct branch of the Registry. The errant key location in the steps affected only users of XP Home, which doesn't come with the Group Policy Editor. XP Home requires manual editing of the Registry key via the Regedit utility.
Additionally, at the very bottom of her article, there is another link for paid subscribers (I'm not one of them) that mentions having to reapply a patch after installing XP SP3.
If you installed XP Service Pack 3 or Windows Server SP2 after September 2008, you need to reapply an important security update. In addition, if Windows Update offers your XP or Server 2003 system Microsoft's security bulletin MS08-067 patch, you should install it — even if you've previously done so.
FWIW, I run XP Pro SP2, and I am thinking of reinstalling SP3 again, after building a new system recently. I am (or will be) updated no matter what service pack I have, in part due to personal habits and/or using Secunia as a reminder service. Also, I'd like to add that when you try to manually install a patch (from MS TechNet, for example), if the patch is already identified as being on the system, it will notify you via the usual prompt or pop-up. I believe (if Bradley's article is correct) that this exception will allow the reapplication of that hotfix. I'll give it a try and report back with my findings in due course.

You don't actually believe the MS08-067 patch only on its own stops it, do you? Good luck then... There are additional measures necessary to stop this thing. See: http://windowssecrets.com/2009/03/12/02-Mi...e-AutoRun-in-XP :thumbsup:
Of course MS08-067 isn't all that is needed, but it is the most important security update against this worm. Disabling autorun also isn't the only other measure. File sharing needs to be disabled, along with the other normal precautions of a firewall, up-to-date antivirus software, etc. Considering the attention Conficker is getting, a/v companies are on their toes with this one. It also is likely that SNF regulars have most, if not all, the right security measures in place. For those who are interested in instructions for disabling file sharing, autorun, etc., see Conficker Information for the Home Computer User.

You don't actually believe the MS08-067 patch only on its own stops it, do you? Good luck then... There are additional measures necessary to stop this thing. See: http://windowssecrets.com/2009/03/12/02-Mi...e-AutoRun-in-XP :whistling:
Well, I jumped through the hoops they provided with mixed results. At first I thought all was well, as I could reach ca.com and symantec.com without any problems using Firefox. Just for the **** of it I then tried the same with IE7. Although I could get to Windows Updates OK, attempting to contact the security pages resulted in a crashed IE every time. Since this was supposed to be the litmus test, I concluded that my system was infected. Not so according to the Bit Defender removal tool, which was also recommended by Livingstrom. Incidentally, that utility was downloaded on the same machine through Firefox. Ambiguous, don't you think? I'll try again using the Symantec removal tool tomorrow. All my patches are up to date, and autoplay has been demonstrably disabled. It's a good thing I have drive images from better times that will allow me to restore to pristine conditions if I don't get conclusive evidence of a clean bill of health.
Regards,
Laz

Laz, if you can get to Symantec and other security websites then your computer is not infected with this worm.


Laz, if you can get to Symantec and other security websites then your computer is not infected with this worm.
Thanks for the reassurance, Corrine, but something is amiss. Yes, I can connect to those sites with Firefox, but why does Internet Explorer take a dive with the same sites, and only those sites? Seems like even if the computer is OK, IE is not. In itself this is not a problem, as I only use IE for the MS updates, but it's a curious coincidence, don't you think?
Regards,
Laz

Hello,
The Conficker Working Group is a good source of information about the worm: http://www.confickerworkinggroup.org/
Regards,
Aryeh Goretsky
Interestingly I got the same link via email from PC Tools. That was a surprise, as the link indicated all their competitors, without mentioning PC Tools. A somewhat unusual move I thought.