Author Topic: Worm being released tomorrow: (Read 2036 times)

Rebel · « **on:** March 31, 2009, 07:40:27 AM »

Quote

National Cyber Alert System

Technical Cyber Security Alert TA09-088A

Conficker Worm Targets Microsoft Windows Systems

Original release date: March 29, 2009
Last revised: March 30, 2009
Source: US-CERT

Systems Affected

* Microsoft Windows

Overview

US-CERT is aware of public reports indicating a widespread
infection of the Conficker/Downadup worm, which can infect a
Microsoft Windows system from a thumb drive, a network share, or
directly across a corporate network, if the network servers are not
patched with the MS08-067 patch from Microsoft.

I. Description

Home users can apply a simple test for the presence of a
Conficker/Downadup infection on their home computers. The presence
of a Conficker/Downadup infection may be detected if a user is
unable to surf to their security solution website or if they are
unable to connect to the websites, by downloading detection/removal
tools available free from those sites:

*
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_
link_conficker_worm
* http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
* http://www.mcafee.com

If a user is unable to reach any of these websites, it may indicate
a Conficker/Downadup infection. The most recent variant of
Conficker/Downadup interferes with queries for these sites,
preventing a user from visiting them. If a Conficker/Downadup
infection is suspected, the system or computer should be removed
from the network or unplugged from the Internet - in the case for
home users.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system.

III. Solution

Instructions, support and more information on how to manually
remove a Conficker/Downadup infection from a system have been
published by major security vendors. Please see below for a few of
those sites. Each of these vendors offers free tools that can
verify the presence of a Conficker/Downadup infection and remove
the worm:

Symantec:

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-01
1316-0247-99

Microsoft:
http://support.microsoft.com/kb/962007

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.

US-CERT encourages users to prevent a Conficker/Downadup infection by
ensuring all systems have the MS08-067 patch (see
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx),
disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
maintaining up-to-date anti-virus software.

IV. References

* Microsoft Windows Does Not Disable AutoRun Properly -
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

* Virus alert about the Win32/Conficker.B worm -
<http://support.microsoft.com/kb/962007>

* Microsoft Security Bulletin MS08-067 - Critical -
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

* MS08-067: Vulnerability in Server service could allow remote code
execution -
<http://support.microsoft.com/kb/958644>

* The Conficker Worm -
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

* W32/Conficker.worm -
<http://us.mcafee.com/root/campaign.asp?cid=54857>

* W32.Downadup Removal Tool -

<http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-0
11316-0247-99>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-088A Feedback VU#827267" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

asdf2231 · « **Reply #1 on:** March 31, 2009, 07:59:16 AM »

I checked mine yesterday.

Good idea to see if your machines need De-Worming.

thundley4 · « **Reply #2 on:** March 31, 2009, 08:04:55 AM »

All four of our computers have protection.

NHSparky · « **Reply #3 on:** March 31, 2009, 09:28:26 AM »

Put anti-virus on mine before it ever saw the Net.

Toastedturningtidelegs · « **Reply #4 on:** March 31, 2009, 10:46:11 AM »

Can we start putting the ****ers who create this shit to death!

AllosaursRus · « **Reply #5 on:** April 01, 2009, 07:29:25 PM »

Quote from: Toastedturningtidelegs on March 31, 2009, 10:46:11 AM

Can we start putting the ****ers who create this shit to death!

I WISH! I have no idea what in the world posseses these fools to do this!

rich_t · « **Reply #6 on:** April 01, 2009, 07:32:26 PM »

Quote from: AllosaursRus on April 01, 2009, 07:29:25 PM

I WISH! I have no idea what in the world posseses these fools to do this!

It's the same "let's **** with people" attitude that causes folks to run for Congress.

DixieBelle · « **Reply #7 on:** April 01, 2009, 08:45:19 PM »

well my email went nuts today. (Apologies to some of you!!)

TheSarge · « **Reply #8 on:** April 01, 2009, 08:54:52 PM »

The hackers didn't seem interested in tangling with Mac.

5412 · « **Reply #9 on:** April 02, 2009, 09:42:53 PM »

Quote from: TxRadioguy on April 01, 2009, 08:54:52 PM

The hackers didn't seem interested in tangling with Mac.

Hi,

Well the son-of-a-bitch got one of my computers too. I had a blank screen, restarted the computer and it started deleting files like you would not believe. I re-loaded Vista and can get the computer open but cannot get on the internet to download the fix.

Went to Best Buy and they wanted $300 to fix it, and it is about four years old. I can buy a new, faster one for $600 so that decision became a no-brainer. Fortunately I have the data backed up and there is only one bit of data I would like to see if I can recover. My son has been with EDS now for 20+ years and he will try to get the data for me on Saturday, then he will reboot the entire hard drive, reload Vista and the computer will go home with him.

I agree with finding a way to bust the idiot who has too much time on their hands to disrupt the lives of so many people. My wife thinks it is someone who benefits from selling programs or hardware an if she is right, then the death penalty is not quite enough.....

regards,
5412

EastFacingNorth · « **Reply #10 on:** April 03, 2009, 12:26:20 AM »

Quote from: TxRadioguy on April 01, 2009, 08:54:52 PM

The hackers didn't seem interested in tangling with Mac.

Meh.

Write completely different code that would infect, at maximum, 3% of all computers in the world? Especially with a worm, why bother?

The Conservative Cave

News:

Author Topic: Worm being released tomorrow: (Read 2036 times)

Rebel

Worm being released tomorrow:

asdf2231

Re: Worm being released tomorrow:

thundley4

Re: Worm being released tomorrow:

NHSparky

Re: Worm being released tomorrow:

Toastedturningtidelegs

Re: Worm being released tomorrow:

AllosaursRus

Re: Worm being released tomorrow:

rich_t

Re: Worm being released tomorrow:

DixieBelle

Re: Worm being released tomorrow:

TheSarge

Re: Worm being released tomorrow:

5412

Re: Worm being released tomorrow:

EastFacingNorth

Re: Worm being released tomorrow: