Corrine Posted March 26, 2009 Share Posted March 26, 2009 It is estimated that there are well over a million Windows PC’s currently infected with Conficker. As illustrated in code at the CA Security Advisor Research Blog, on April 1, 2009, the infected machines will attempt to generate 50,000 URLs daily to download an additional component with new instructions.Think globally and realize that April 1 will arrive earlier in other parts of the world than Europe, U.S., Canada and even Australia. Ensure that Security Bulletin MS08-067 is installed on your computer. For other preventative steps, see Time is of the essence. Quote Link to comment Share on other sites More sharing options...
striker Posted March 26, 2009 Share Posted March 26, 2009 You don't actually believe the MS08-067 patch only on its own stops it, do you? Good luck then...There are additional measures necessary to stop this thing.See : http://windowssecrets.com/2009/03/12/02-Mi...e-AutoRun-in-XP Quote Link to comment Share on other sites More sharing options...
Guitar Man Posted March 28, 2009 Share Posted March 28, 2009 Thanks for the link, Striker. Excellent article by Susan Bradley. A paragraph in particular merits noting: The instructions to disable AutoRun in last week's article worked fine in Vista Home and Vista Business, where the Registry key is where Microsoft said. The instructions also worked in XP Professional, which includes the Group Policy Editor and automatically operates on the correct branch of the Registry.The errant key location in the steps affected only users of XP Home, which doesn't come with the Group Policy Editor. XP Home requires manual editing of the Registry key via the Regedit utility.Additionally, at the very bottom of her article, there is another link for paid subscribers (I'm not one of them), that has a mention of having to reapply a patch after installing XP SP3.If you installed XP Service Pack 3 or Windows Server SP2 after September 2008, you need to reapply an important security update.In addition, if Windows Update offers your XP or Server 2003 system Microsoft's security bulletin MS08-067 patch, you should install it — even if you've previously done so.FWIW, I run XP Pro SP2, and I am thinking of reinstalling SP3 again, after building a new system recently. I am (or will be) updated no matter what service pack I have, in part to personal habits and/or using Secunia as a reminder service. Also, I'd like to add that when you try to manually install a patch (from MS TechNET for example), if the patch is already identified as being on the system, it will notify you via the usual prompt or pop-up. I believe (if Bradley's article is correct) that this exception will allow the reapplication of that hotfix.I'll give it try and report back with my findings in due course. Quote Link to comment Share on other sites More sharing options...
Corrine Posted March 30, 2009 Author Share Posted March 30, 2009 You don't actually believe the MS08-067 patch only on its own stops it, do you? Good luck then... There are additional measures necessary to stop this thing.See : http://windowssecrets.com/2009/03/12/02-Mi...e-AutoRun-in-XP Of course MS08-067 isn't all that is needed but is the most important security update against this worm. Disabling autorun also isn't the only other measure. File sharing needs to be disabled and the other normal precautions of a firewall, up-to-date antivirus software, etc. Considering the attention Conficker is getting, a/v companies on their toes with this one.It also is likely that SNF regulars have most, if not all, the right security measures in place. For those who are interested in instructions for disabling file sharing, autorun, etc., see Conficker Information for the Home Computer User. Quote Link to comment Share on other sites More sharing options...
striker Posted March 30, 2009 Share Posted March 30, 2009 Quote Link to comment Share on other sites More sharing options...
Laz Posted March 31, 2009 Share Posted March 31, 2009 (edited) You don't actually believe the MS08-067 patch only on its own stops it, do you? Good luck then...There are additional measures necessary to stop this thing.See : http://windowssecrets.com/2009/03/12/02-Mi...e-AutoRun-in-XP Well, I jumped through the hoops they provided with mixed results.At first I thought all was well, as I could reach ca.com and symantec.comwithout any problems using Firefox. Just for the **** of it I then tried the same with IE7. Although I could get to Windows Updates OK, attempting to contact thesecurity pages resulted in a crashed IE every time. SInce this was supposed to bethe Litmus test, I concluded that my system was infected. Not so according to theBit Defender removal tool, which was also recommended by Livingstrom. Incidentallythat utility was downloaded on the same machie through Firefox. Ambiguous don't you think? I'll try again using the Symantec removal tooltomorrow. All my patches are up to date, and autoplay has been demonstrablydisabled. It's a good thing I have drive images from better times that will allowme to restore to pristine conditions if I don't get conclusive evidence of a clean bill of health.RegardsLaz Edited March 31, 2009 by Laz Quote Link to comment Share on other sites More sharing options...
Corrine Posted March 31, 2009 Author Share Posted March 31, 2009 Laz, if you can get to Symantec and other security websites then your computer is not infected with this worm. Quote Link to comment Share on other sites More sharing options...
Laz Posted March 31, 2009 Share Posted March 31, 2009 (edited) Laz, if you can get to Symantec and other security websites then your computer is not infected with this worm. Thanks for the reassurance Corrine, but something is amiss. Yes I can connect to those sites with Firefox, but why does Internet Explorer take a dive with the same sites, and only those sites. Seems like even if the computer is ok, IE is not.In itself this is not a problem, as I only use IE for the MS updates, but it's a curiouscoincidence don't you think?RegardsLaz Edited March 31, 2009 by Laz Quote Link to comment Share on other sites More sharing options...
striker Posted March 31, 2009 Share Posted March 31, 2009 Some homework to check out :http://support.microsoft.com/kb/962007 Quote Link to comment Share on other sites More sharing options...
Laz Posted April 1, 2009 Share Posted April 1, 2009 Some homework to check out :http://support.microsoft.com/kb/962007 Thanks for the excellent link Striker. I'm off to reload Windows! Quote Link to comment Share on other sites More sharing options...
goretsky Posted April 2, 2009 Share Posted April 2, 2009 Hello,The Conficker Working Group is a good source of information about the worm: http://www.confickerworkinggroup.org/Regards,Aryeh Goretsky Quote Link to comment Share on other sites More sharing options...
Laz Posted April 3, 2009 Share Posted April 3, 2009 Hello,The Conficker Working Group is a good source of information about the worm: http://www.confickerworkinggroup.org/Regards,Aryeh Goretsky Interestingly I got the same link via email from PC Tools. That was a surprise, as the link indicated all their competitors, without mentioning PC Tools. A somewhat unusual move I thought. Quote Link to comment Share on other sites More sharing options...
striker Posted April 3, 2009 Share Posted April 3, 2009 A simple and effective test:The Conficker Eye Charthttp://www.confickerworkinggroup.org/infec...cfeyechart.html Quote Link to comment Share on other sites More sharing options...
zlim Posted April 3, 2009 Share Posted April 3, 2009 Nice chart striker. Even a novice can figure that out without much explanation. Quote Link to comment Share on other sites More sharing options...
ross549 Posted April 3, 2009 Share Posted April 3, 2009 http://i.gizmodo.com/5197148/how-the-confi...-got-much-worse Quote Link to comment Share on other sites More sharing options...
.thumb.jpg.7c3caaf218a75d76e16db7a5bddfb463.jpg)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.