Apr 15, 2009

What is Conficker?

Conficker

Conficker, also known as "Downup", "Downadup" and "Kido", is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system. The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta. The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.

Symptoms

* Account lockout policies being reset automatically.
* Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services disabled.
* Domain controllers responding slowly to client requests.
* Congestion on local area networks.
* Web sites related to antivirus software becoming inaccessible.

5 ways to avoid Conficker

Keep in mind that Conficker infects "vulnerable" computers, i.e. those whose system is not up to date.

1: Run Windows Update

First rule, which may seem obvious but evidently is not, given the number of infected machines: run Windows Update! Note that on infected machines, Conficker disables Windows Update and keeps it disabled.

If you experience problems with Windows Update on your computer, directly download the patch that fixes the flaw exploited by Conficker following the appropriate link:

- For Windows XP
- For Windows Vista

2: Make sure the patch is installed

To verify that the patch is installed, you can either use a program like Belarc Advisor or Microsoft Baseline Security Advisor, or check by hand: go to Control Panel, open Add/Remove Programs (or simply "uninstall a program" in Vista), then tick Show updates (or on Vista click "show all updates installed") and verify that the hotfix KB958644 is installed (it is listed among the Windows updates, at the very bottom of the list).

Quote:
Note to Vista users: If you installed the beta or RC version of Vista SP2 (Update KB955430), your computer is protected even though the KB958644 patch does not appear.
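
The same check can be scripted. The following PowerShell is an added example, not part of the original article: it looks for KB958644 (or KB955430, per the note above) and reports whether any of the services listed under "Symptoms" are disabled. The short service names and the function names are assumptions of this example, and it needs PowerShell 3.0 or later for `Get-CimInstance`.

```powershell
# Added example: audit one machine for the patch from step 2 and the
# disabled-service symptom. Not code from the original article.
$PatchIds = 'KB958644', 'KB955430'   # hotfix from step 2; Vista SP2 beta/RC from the note

# Assumed short names for the services in the "Symptoms" list:
# Automatic Updates, BITS, Windows Defender, Error Reporting (ERSvc on XP, WerSvc on Vista)
$WatchedServices = 'wuauserv', 'BITS', 'WinDefend', 'ERSvc', 'WerSvc'

function Get-ConfickerPatchState {
    # Get-HotFix reads Win32_QuickFixEngineering; an ID that is not installed
    # raises a non-terminating error, which is silenced here.
    $found = @(Get-HotFix -Id $PatchIds -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty HotFixID)
    New-Object PSObject -Property @{
        Computer  = $env:COMPUTERNAME
        Installed = $found
        Protected = ($found.Count -gt 0)
    }
}

function Get-DisabledWatchedService {
    # A StartMode of 'Disabled' on these services matches the symptom list.
    $filter = ($WatchedServices | ForEach-Object { "Name='$_'" }) -join ' OR '
    Get-CimInstance -ClassName Win32_Service -Filter $filter |
        Where-Object { $_.StartMode -eq 'Disabled' } |
        Select-Object Name, DisplayName, StartMode, State
}

$patch = Get-ConfickerPatchState
if ($patch.Protected) {
    '{0}: patch found ({1})' -f $patch.Computer, ($patch.Installed -join ', ')
} else {
    '{0}: none of {1} is listed' -f $patch.Computer, ($PatchIds -join ', ')
}

$disabled = @(Get-DisabledWatchedService)
if ($disabled.Count -gt 0) {
    'Disabled services that match the symptom list:'
    $disabled | Format-Table -AutoSize
} else {
    'None of the watched services is disabled.'
}
```

A disabled service on its own is not proof of infection, since an administrator may have turned it off; treat it as a reason to run the scan described in step 3.
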
3: Make sure there are no traces of Conficker on the system

Check that Conficker is not already present on your system. The simplest way to do this is to use Microsoft's malicious code detection/removal tool.

Click on this link, then click Download, click Run, Run again, then Next, then select the complete analysis and click Next. At the end of the analysis, click on "View the detailed results of research" to verify that everything is OK and that Conficker was not detected.

4: Verify that there are no traces of Conficker on your network

Conficker can also spread by infecting files shared on the network. It is therefore essential, if you have multiple machines on the network or a NAS (hard drive connected to the network), to scan these potentially infected locations. Use your antivirus if it is the latest version (2009 edition). Otherwise, use an online scanner, requesting a custom analysis and selecting the network drives. You can use Panda TotalScan.

5: Disable Autorun for removable devices

Like many recent malware programs, Conficker spreads by infecting USB keys. If you have a recent antivirus (2009 edition), it very likely includes device management and automatically scans keys when they are plugged into the system. If you have any doubts on the subject, you can take the precaution of preventing programs from running automatically when a key is inserted (i.e. deactivate AUTORUN.INF). To do this:

- Launch REGEDIT
- Expand the tree to the key: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"
- Double-click the value "(default)" and enter the data: @SYS:DoesNotExist
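
The registry steps above can also be applied and verified from an elevated PowerShell session. This is an added example, not part of the original article; the function names are assumptions of the example, and it creates the key first if it does not exist yet.

```powershell
# Added example: read, set and verify the Autorun.inf mapping from step 5.
# Not code from the original article; run from an elevated session.
$Key    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$Wanted = '@SYS:DoesNotExist'

function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-AutorunMapping {
    # Returns the key's "(default)" value, or $null when the key or value is absent
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    (Get-Item -LiteralPath $Key).GetValue('')
}

function Set-AutorunMapping {
    if (-not (Test-Elevated)) { throw 'Writing under HKLM requires an elevated session.' }
    if (-not (Test-Path -LiteralPath $Key)) {
        New-Item -Path $Key -Force | Out-Null      # create the key if it is missing
    }
    Set-Item -LiteralPath $Key -Value $Wanted      # Set-Item writes the "(default)" value
}

$current = Get-AutorunMapping
if ($current -eq $Wanted) {
    "Autorun.inf mapping already set: $current"
} else {
    "Current value: '$current' -> writing '$Wanted'"
    Set-AutorunMapping
    # Read the value back so a silent failure does not pass as success
    if ((Get-AutorunMapping) -ne $Wanted) { throw 'Value did not persist.' }
    'Autorun.inf mapping set.'
}
```
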

5 mistakes that allow Conficker to exist

In short: five principles for avoiding infection by malware such as Conficker, and five behavioral mistakes that have allowed Conficker to exist and spread.

1 - Not enabling automatic updates

Some so-called "experts" advise users not to activate automatic Windows Update on the pretext that you may encounter conflicts or be blocked if you use a pirated copy of XP or Vista. The truth is that not activating the automatic mode in Windows Vista is a guarantee of being infected very soon! Almost all exploits are created when Microsoft releases an update (after analysis of the patch).

Windows Update is not likely to crash your PC, since driver updates are not delivered in automatic mode. At worst, if there were an incident, you could always perform a system restore or uninstall the offending patch. As for piracy, Microsoft does not persecute users (and dealers) and does not use Windows Update as a tracking "cookie" (that would be pointless, since millions of PCs around the world use a pirated XP). To activate the automatic mode, launch the Security Center, click Automatic Updates and select Automatic.

2 - Being fooled like a rookie by rogues

Guess what? Since the Conficker threat appeared, an implausible number of "Removers", "SuperMegaAntivirus", "HyperAntispyware" and other programs have come onto the market that claim to be security solutions and are in fact Trojans! We call these programs "Rogues". They are very popular. Conclusion: use known tools from reputable companies, and beware of any antivirus offered to you by "pop-under" sites or "pop-up" windows.

3 - Believing that there are non-infected keygens

Spread the word: piracy is the primary source of PC infections. Many keygens, cracks and other such files available on the "news" and on P2P networks are infected. A recent test even showed that a week-old crack file downloaded from the "news" could go unrecognized by any antivirus, even by an up-to-date VirusTotal, and yet be terribly dangerous for Windows XP (Vista was able to resist infection even though the virus did nothing). However, while the antivirus scans found nothing, the "real time" protections of most antivirus products raised alerts when the crack was executed.

4 - Believing antivirus scans are useless

Some believe that the "real time" protections of an antivirus are enough, and that it is unnecessary to run scans. Bad idea. Typically, in the case of Conficker, a virus from another computer in the home can infect the shared network folders or network drives. Hence the importance of frequently launching not only complete scans of your hard disks, but also scans of the shared folders of other machines or NAS.

5 - Believing that passwords are useless

Conficker spreads all the more easily when the profile under which it runs has no password. The malware even has a mechanism that attempts to force network passwords by trying the most common passwords in the world, along with other techniques. Hence the importance of always using a profile protected by a strong password consisting of at least 7 characters, 1 digit, 1 upper-case letter and a symbol (*, +, -, @, etc).


Source : techarena

