The Conservative Cave
Current Events => General Discussion => Topic started by: Rebel on March 31, 2009, 07:40:27 AM
-
National Cyber Alert System
Technical Cyber Security Alert TA09-088A
Conficker Worm Targets Microsoft Windows Systems
Original release date: March 29, 2009
Last revised: March 30, 2009
Source: US-CERT
Systems Affected
* Microsoft Windows
Overview
US-CERT is aware of public reports indicating a widespread
infection of the Conficker/Downadup worm, which can infect a
Microsoft Windows system from a thumb drive, a network share, or
directly across a corporate network, if the network servers are not
patched with the MS08-067 patch from Microsoft.
I. Description
Home users can apply a simple test for the presence of a
Conficker/Downadup infection on their home computers. The presence
of a Conficker/Downadup infection may be detected if a user is
unable to surf to their security solution website or if they are
unable to connect to the websites, by downloading detection/removal
tools available free from those sites:
* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
* http://www.mcafee.com
If a user is unable to reach any of these websites, it may indicate
a Conficker/Downadup infection. The most recent variant of
Conficker/Downadup interferes with queries for these sites,
preventing a user from visiting them. If a Conficker/Downadup
infection is suspected, the system or computer should be removed
from the network or unplugged from the Internet - in the case for
home users.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system.
III. Solution
Instructions, support and more information on how to manually
remove a Conficker/Downadup infection from a system have been
published by major security vendors. Please see below for a few of
those sites. Each of these vendors offers free tools that can
verify the presence of a Conficker/Downadup infection and remove
the worm:
Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
Microsoft:
http://support.microsoft.com/kb/962007
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.
US-CERT encourages users to prevent a Conficker/Downadup infection by
ensuring all systems have the MS08-067 patch (see
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx),
disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
maintaining up-to-date anti-virus software.
IV. References
* Microsoft Windows Does Not Disable AutoRun Properly -
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>
* Virus alert about the Win32/Conficker.B worm -
<http://support.microsoft.com/kb/962007>
* Microsoft Security Bulletin MS08-067 - Critical -
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>
* MS08-067: Vulnerability in Server service could allow remote code
execution -
<http://support.microsoft.com/kb/958644>
* The Conficker Worm -
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>
* W32/Conficker.worm -
<http://us.mcafee.com/root/campaign.asp?cid=54857>
* W32.Downadup Removal Tool -
<http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-088A Feedback VU#827267" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
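The reachability test described in section I of the alert can be scripted. The following is an added example, not part of the original post or of the US-CERT alert: it checks whether the vendor hostnames from the alert resolve while an unrelated control host does, so that a machine with no connectivity at all is not reported as suspect. The control host `www.example.com`, the function names and the verdict strings are assumptions made for this illustration.

```python
import socket

# Vendor hostnames taken from the sites listed in the advisory.
VENDOR_HOSTS = ("www.symantec.com", "www.microsoft.com", "www.mcafee.com")
# Assumption: an unrelated control host, used only to confirm that name
# resolution works at all on this machine.
CONTROL_HOSTS = ("www.example.com",)


def system_resolver(host):
    """Return True if the operating system's resolver can resolve `host`."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def assess(resolve=system_resolver, vendors=VENDOR_HOSTS, controls=CONTROL_HOSTS):
    """Classify lookup results as (verdict, blocked_vendor_hosts).

    "inconclusive"  - the control host fails too, so the network or DNS is
                      down and nothing can be inferred.
    "suspect"       - the control host resolves but at least one vendor
                      host does not, the pattern the advisory describes.
    "no-indication" - every host resolves.
    """
    blocked = sorted(h for h in vendors if not resolve(h))
    control_ok = any(resolve(h) for h in controls)
    if not control_ok:
        return "inconclusive", blocked
    if blocked:
        return "suspect", blocked
    return "no-indication", blocked


if __name__ == "__main__":
    verdict, blocked = assess()
    print(verdict, blocked)
```

A "no-indication" result only means this one symptom is absent; the vendor tools listed in section III are what verify the presence of an infection.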
-
I checked mine yesterday.
Good idea to see if your machines need De-Worming.
-
All four of our computers have protection.
(http://www1.istockphoto.com/file_thumbview_approve/2527539/2/istockphoto_2527539-condom-mouse.jpg)
-
Put anti-virus on mine before it ever saw the Net.
-
Can we start putting the ****ers who create this shit to death! :censored:
-
Can we start putting the ****ers who create this shit to death! :censored:
I WISH! I have no idea what in the world possesses these fools to do this!
-
I WISH! I have no idea what in the world possesses these fools to do this!
It's the same "let's **** with people" attitude that causes folks to run for Congress.
:rotf:
-
well my email went nuts today. (Apologies to some of you!!)
-
The hackers didn't seem interested in tangling with Mac.
-
The hackers didn't seem interested in tangling with Mac.
Hi,
Well the son-of-a-bitch got one of my computers too. I had a blank screen, restarted the computer and it started deleting files like you would not believe. I re-loaded Vista and can get the computer open but cannot get on the internet to download the fix.
Went to Best Buy and they wanted $300 to fix it, and it is about four years old. I can buy a new, faster one for $600 so that decision became a no-brainer. Fortunately I have the data backed up and there is only one bit of data I would like to see if I can recover. My son has been with EDS now for 20+ years and he will try to get the data for me on Saturday, then he will reboot the entire hard drive, reload Vista and the computer will go home with him.
I agree with finding a way to bust the idiot who has too much time on their hands to disrupt the lives of so many people. My wife thinks it is someone who benefits from selling programs or hardware and if she is right, then the death penalty is not quite enough.....
regards,
5412
-
The hackers didn't seem interested in tangling with Mac.
Meh.
Write completely different code that would infect, at maximum, 3% of all computers in the world? Especially with a worm, why bother?