The Brave Programmer - Blogging and coding
Not for the faint hearted
 

Blog Posts From The Brave Programmer

Minimize

Rampant Conficker Worm Causing Problems for Millions.

Jan17

Written by:
2009/01/17 10:00 AM RssIcon

Businesses worldwide are under attack from a highly infectious computer worm that has infected almost 9 million PCs, according to anti-virus company F-Secure.

Businesses worldwide are under attack from a highly infectious computer worm that has infected almost 9 million PCs, according to anti-virus company F-Secure.

“This malware mostly spreads within corporations but also was reported by several hundred home users. It opens a random port between port 1024 and 10000 and acts like a web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll. It is also interesting to note that the worm patches the vulnerable API in memory so the machine will not be vulnerable anymore. It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too.”

Since this could be anything from a password stealer to remote control software, a Conflicker-infected PC is basically under the complete control of its attackers.

The Conficker Worm spreads in three basic ways:

  1. It attacks a vulnerability in the Microsoft Server service. If your computers does not have the October patch it can be remotely attacked and taken over.
  2. Conficker tries to guess or 'brute force' Administrator passwords.
  3. The Conficker Worm infects removable devices and network shares with an autorun file This then executes as soon as a USB drive or other infected device is connected to a victims PC.

How do I protect myself against such worms and viruses?

Firstly, most of these virus are more dangerous too and are prone to attack business networks. They rely on the vast matrix of connectivity to spread to machine after machine. Because the bigger corporations have a lot of red tape when it comes to updates of their software. They are at greater risk. Once a PC on the network is infected, it often has open access to spread to other PC's on the network.

Home based PC's on the other hand are most likely protected by some sort of firewall. They are also generally most likely to be updated often, as most users allow Microsoft's and other vendors, like anti-virus software  updates to run automatically in the background. So most recent updates are most likely to have been installed. If not, make sure you have all the latest updates and patches.

Make sure that your updated anti-virus is actually running. Many gamers turn off their anti-virus to get more speed out of their machines. But often forget to turn it back on when done. This is also a huge vulnerability, as many gamers would be connected via LAN. With anti-virus and firewalls disabled. With the unknown security status of other machines on the LAN. This then becomes a prime breading ground for such viruses and worms.

Turn off  or disable "Autorun" so that a PC won't suffer automatic attack from an infected USB drive or other removable media when it's connected.

Oh, and make sure you run a quick scan right now, just to be sure. If you have already done that, do it again. Like the Irish say, to be sure to be sure.

Have you or you company been infected by the Conficker Worm? What other viruses or worms have been a real problem for you in the past?

Drop us a note and let us know.

 

Tags:
Categories:
blog comments powered by Disqus
 
Blog Updates Via E-mail
 Blog Updates Via E-mail
Minimize

Do you want to receive blog updates via e-mail. Then just click on the link below. You will be redirected to Google's feed burner, where you can fill out a form. Supplying your e-mail address.

The subscription is managed entirely by Google's Feedburner. We cannot and do not collect your email address.

Subscribe to The Brave Programmer by Email

Print  
 

 

Latest Comments
 Latest Comments
Minimize
Powered by Disqus

Sign up with Disqus to enjoy a  surprise box of features

Print  
 
Blog Roll
 Blog Roll
Minimize
Print  
 
Categories
 Categories
Minimize
Print  
 
<h1>Search Blogs From The Brave Programmer</h1>
 

Search Blogs From The Brave Programmer

Minimize
Print  
 
Archive
 Archive
Minimize
Archive
<October 2024>
SunMonTueWedThuFriSat
293012345
6789101112
13141516171819
20212223242526
272829303112
3456789
Monthly
Go
Print  
 
<h1>News Feeds (RSS)</h1>
 

News Feeds (RSS)

Minimize
Print  
 

Follow robertbravery on Twitter

Blog Engage Blog Forum and Blogging Community, Free Blog Submissions and Blog Traffic, Blog Directory, Article Submissions, Blog Traffic

View Robert Bravery's profile on LinkedIn

Mybyte

 

Robert - Find me on Bloggers.com

Tags
 Tags
Minimize
Print  
 
Contact Us Now
 Contact Us Now
Minimize
 

Email  us now or call us on 082-413-1420,  to host your website.

We design and develop websites. We develop websites that make a difference. We do Dotnetnuke Module development.

Web Masters Around The World
Power By Ringsurf
Print