Win32/Conficker.B Worm

March 30th, 2009 Posted in Security News

With millions of unpatched computers to victimize, the Win32/Conficker.B (also known as Downadup or W32.Downadup) worm continues to exploit the vulnerability in Microsoft RPC identified in Microsoft Security Bulletin MS08-067.

The worm exploits a vulnerability in the Windows Server service (svchost.exe) on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008 systems. Compromised systems may lock out users, disable the Windows Update service, and block access to security-related web sites. All of these things make it more difficult for users to identify and remove the threat.

To protect against the threat, make sure you have applied the patch from Security Bulletin MS08-067. If you think your system is infected, or just want to make sure it is not infected, download and run the Microsoft Malicious Software Removal Tool.

But what can you do if you can’t patch a computer with Microsoft’s patch for some reason?

Our advice is to block all incoming and outgoing traffic on port 445 from those computers to ensure that (a) they aren’t hit with exploits from the internet and (b) if they somehow are exploited, they aren’t able to infect the rest of the network via file shares.

Furthermore, if you have a group policy in place to lock out accounts after too many unsuccessful login attempts, the worm will probably cause many of these accounts to become locked out during the worm’s password-cracking attempts. This can obviously be annoying, but at the same time it is a good indicator that you may have an infected computer on the network.
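
One way to act on that lockout signal, as an added example that is not from the original post: group account-lockout events by the computer that triggered them and flag any machine that locks out many different accounts in a short time. The records, host names and thresholds below are constructed for illustration; the fields assume the caller computer recorded in Windows lockout events (ID 4740, or 644 on Server 2003).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, locked-out account, caller computer).
# Field meanings follow the Windows "account locked out" security event
# (ID 4740 on Vista/2008, 644 on Server 2003); host and user names are invented.
SAMPLE_LOCKOUTS = [
    ("2009-03-30 09:00:05", "alice", "WKS-017"),
    ("2009-03-30 09:00:41", "bob", "WKS-017"),
    ("2009-03-30 09:01:12", "carol", "WKS-017"),
    ("2009-03-30 09:02:30", "dave", "WKS-017"),
    ("2009-03-30 09:03:02", "erin", "WKS-017"),
    ("2009-03-30 09:15:00", "frank", "WKS-042"),   # one user mistyping
    ("2009-03-30 11:40:00", "frank", "WKS-042"),
    ("2009-03-30 08:00:00", "gina", "WKS-099"),    # spread over the day
    ("2009-03-30 12:00:00", "hal", "WKS-099"),
    ("2009-03-30 16:00:00", "ivy", "WKS-099"),
]

def suspect_hosts(records, min_accounts=4, window=timedelta(minutes=10)):
    """Return {host: max distinct accounts locked out from it within `window`}
    for hosts that reach `min_accounts`. Thresholds are illustrative assumptions."""
    by_host = defaultdict(list)
    for ts, account, host in records:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_host[host.upper()].append((when, account.lower()))

    flagged = {}
    for host, events in by_host.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({acct for _, acct in events[start:end + 1]})
            best = max(best, distinct)
        if best >= min_accounts:
            flagged[host] = best
    return flagged

if __name__ == "__main__":
    for host, count in sorted(suspect_hosts(SAMPLE_LOCKOUTS).items()):
        print(f"{host}: {count} distinct accounts locked out within 10 minutes")
```

A single user repeatedly mistyping a password locks out one account, so counting distinct accounts per source machine separates that case from a host guessing passwords across many accounts.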

And if you want to stop unpatched computers causing problems inside your organisation in future, you might want to consider adopting a network access control (NAC) solution. With NAC you can ensure that endpoints are meeting minimum standards such as running the latest patches – and if they’re not, fix them or quarantine them.

Passwords used by the Conficker worm

[Image: passwords used by the Conficker worm, via sophos.com]
