
New Windows worm builds massive botnet



#1 Net_Surfer


Posted 03 December 2008 - 06:25 AM

New Windows worm builds massive botnet



Half a million PCs infected, botnet still growing, says researcher

December 1, 2008 (Computerworld)
By Gregg Keizer.
The worm exploiting a critical Windows bug that Microsoft Corp. patched with an emergency fix in late October is being used to build a new botnet, a security researcher said today.

Ivan Macalintal, a senior research engineer with Trend Micro Inc., said that the worm, which his company has dubbed "Downad.a" -- it's called "Conficker.a" by Microsoft and "Downadup" by Symantec Corp. -- is a key component in a new botnet that criminals are creating.

"We think 500,000 is a ball park figure," said Macalintal when asked the size of the new botnet. "That's not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it's still starting to grow."

Last week, Microsoft warned that the worm was behind a spike in exploits of a bug in the Windows Server service, which is used by the operating system to connect to network file and print servers. Microsoft patched the service with an emergency fix it issued Oct. 23, shortly after it discovered a small number of infected PCs in Southeast Asia.

However, the new worm is a global threat, said Macalintal. "This has real potential to do damage," he said. Trend Micro has spotted infected IP addresses on the networks of Internet service providers (ISPs) in the U.S., China, India, the Middle East, Europe and Latin America.

The worm first appeared about a week and a half ago, and began spreading in earnest just before Thanksgiving, he added.

Macalintal also said that it appears the botnet is being built by a new group of cyber-criminals, not one of the gangs that lost control of compromised computers when McColo Corp., a California hosting company, was yanked off the Internet. When McColo went offline, crooks lost access to the command-and-control servers which gave marching orders to some of the world's biggest botnets, including "Srizbi" and "Rustock."

One result of the McColo takedown was a temporary slump in spam; some message security vendors said last week that they had seen a sharp increase in spam as the hackers managed to regain control of their botnets.

Security experts, including those at Trend Micro, are coordinating efforts, said Macalintal, to pass along their lists of worm-infected PCs to ISPs, who have been asked to contact the computers' owners and urge them to clean their machines of the worm.

"But that's an uphill climb," admitted Macalintal.

Users who haven't applied the emergency patch -- labeled MS08-067 by Microsoft -- should do so as soon as possible!!!



#2 Reena


Posted 04 December 2008 - 07:53 AM

As a result of warnings in PC magazines I attempted to find this update.

Microsoft download "tells" me that all my updates are up to date. I cannot find this particular label listed but I have 8 listed for the month of October.

Does this mean that the emergency patch bears another name?

Clicking on the link above led to a download that was older than patches already installed, so I was "told".

#3 Net_Surfer


Posted 04 December 2008 - 09:22 AM

Hi There.

If you are still unsure whether you already have this patch, then go and download this tool, and it will scan your computer for the latest drivers and patches for your programs.

Download: - Secunia Personal Software Inspector (PSI) 1.0

3rd December 2008. Statistics from the Secunia PSI show that 98 out of 100 PCs have 1 or more insecure programs installed! Download the free Secunia PSI and check your PC for insecure programs exposing you to security threats!

VULNERABLE ?
Did you know that many of the hacker attacks and security threats today exploit software vulnerabilities and code flaws?

UPDATED ?
Keeping your PC and especially your 3rd party programs updated requires you to search the Internet for updates and patches on a regular basis - for all the programs installed on your PC.

WHATS ON YOUR PC ?
The typical user has 30-60 programs installed - do you know which programs you have installed? Do you know which programs expose you to security threats?

SECURE ?
Is your PC secure? Do you have all the latest security updates and patches?

PROTECT YOURSELF !
Security patches are usually free and available for download from the program vendors. Let the Secunia PSI pinpoint exactly which patches you need to secure your PC.

The Secunia PSI is a free security tool designed with the sole purpose of helping you secure your computer against vulnerabilities in programs.


System Requirements

The current list of requirements that must be met for the Secunia PSI to function correctly are the following.

Supported Operating Systems:

* Microsoft Windows XP - Service Pack 2 or later
* Microsoft Windows 2003
* Microsoft Windows Vista
* Microsoft Windows 2000 - Service Pack 4
* US and European languages only

Privileges:

* To install and run the Secunia PSI you will need administrative privileges

Connectivity:

* Access to Secunia servers (encrypted) via SSL (https://psi.secunia.com:443/)
* Access to Microsoft Windows Update servers, see also WUA requirements below

Software Requirements:

* Latest version of Microsoft Windows Update Agent (WUA)

You can determine whether or not you are running the latest WUA by visiting "http://windowsupdate.microsoft.com/". If you are able to check your system for missing updates through this tool, your system should function properly with the Secunia PSI.

Hardware Requirements:

* There are as such no additional hardware requirements. If your computer can run any of the above mentioned Operating Systems, then the Online Software Inspector should also be able to run.

#4 Net_Surfer


Posted 04 December 2008 - 10:46 AM

XP Service Pack 3 blocks .NET security patches

By Susan Bradley

Installing SP3 on Windows XP eliminates the operating system's ability to install important security patches for Microsoft's .NET technology and possibly other software.

This problem forces XP SP3 users to apply patches manually to complete vital updates.


The new error is the latest in a long series of glitches relating to XP's SP3, which Scott Dunn described in his Sept. 11 Top Story. The issues include spontaneous rebooting of systems based on AMD chipsets, as documented by Jesper Johansson in a blog post from last May.

To determine whether your XP SP3 system has a version or multiple versions of the .NET Framework installed, open Control Panel's Add or Remove Programs applet and look for it among the list of currently installed programs. If you don't see any .NET entries, you don't have the framework installed on your system and needn't be concerned about the update problem.

If you do see a listing for Microsoft .NET Framework, you need to use a third-party update service such as Secunia's Software Inspector (described below) to patch the program.

A Sept. 16 post on the Windows Server Update Services (WSUS) blog disclosed that .NET 3.0 would not be offered to XP SP3 users. On Sept. 23, Microsoft Knowledge Base article 894199, which tracks changes in the company's patches, indicated that .NET 3.0 and .NET 3.0 Service Pack 1 should be offered to XP SP3 workstations as optional patches.

However, when I tested this on various Windows XP SP3 configurations, I wasn't offered .NET 3.0 as an optional patch. Things got really dicey on my first attempt to install .NET on a Windows XP SP3 machine. During that test, updates for .NET 1.1 and .NET 2.0 failed midstream. I had to use the Windows Installer CleanUp Utility (which is described in KB article 290301) and Aaron Stebner's .NET Framework cleanup tool (download page) to uninstall the partially installed .NET frameworks.

Ultimately, I had to install .NET 3.5 SP1 in order to get any .NET framework loaded onto the test XP workstation. While the latest version of .NET 3.5 is a cumulative patch and thus could be installed in place of prior versions of .NET, what invariably occurs is that line-of-business applications require and install earlier versions of .NET.

For example, one of the programs I use regularly is QuickBooks, which includes .NET 1.1 in some versions and 2.0 in the 2008 and 2009 releases. I recommend against removing various versions of .NET if the frameworks were installed by your applications.

On my second and third tests of Windows XP SP3 machines, Windows Update did not detect .NET 3.0 as an optional update, but the frameworks were installed without error just the same. However, to manually update the XP systems, I first had to install Microsoft's Windows Genuine Advantage tool, which is described in KB article 892130.

Next, I had to upgrade the installer program, as described in KB article 898461. After installing these two programs and returning to the Windows Update service, the XP SP3 machine was offered .NET 1.1 and .NET 2.0 as optional updates but not .NET 3.0 as a patchable item.

I recommend that you install any version of .NET framework only when your applications need it.

However, Microsoft security bulletins dated as recently as Nov. 25 indicate that XP SP3 machines should be offered .NET 3.0. Clearly, XP SP2 PCs are prompted to install .NET 1.1, 2.0, and 3.0, while XP SP3 users are offered only 1.1 and 2.0.

A full three months after Microsoft's WSUS support blog disclosed that XP SP3 PC users aren't offered .NET 3.0 as an optional patch, the problem has not been fixed.

If you rely on Windows Update or Microsoft Update for your patching needs, use Secunia's online Software Inspector service to ensure you're getting all the updates that you need.

#5 samuel3


Posted 04 December 2008 - 11:28 AM

OK, this program found 2 security threats? My computer is 94% secure??

How do I get rid of these 2 security threats? Are they harmful??

If so, how do I get rid of them??


Edited by samuel3, 04 December 2008 - 11:36 AM.


#6 frankp316


Posted 04 December 2008 - 12:17 PM

A new version of Java was released this morning. I have already updated it. That's how you get rid of it. I was actually notified directly by Sun Microsystems.

#7 samuel3


Posted 04 December 2008 - 02:31 PM

Do I need to keep the Secunia program? To keep everything secure?

#8 Net_Surfer


Posted 04 December 2008 - 06:38 PM

Hi Samuel.

The Secunia tool: - Secunia Personal Software Inspector (PSI) 1.0
keeps your programs updated. After you install it, it will run in the background and check for new updates, like Java, Microsoft's products, and any other program that you have installed on your computer. It gives you a choice to go to Add or Remove Programs to uninstall a program that is no longer being updated by the maker of the program. If you have good computer skills and are comfortable deleting programs, files or folders, then use the advanced option in the program.

I hope that helps!!!


#9 Reena


Posted 05 December 2008 - 12:39 PM

Thank you SO much for all the helpful replies.

I do have lots of .NET entries (downloaded automatically), and I also have the SECUNIA programme installed for some time now. I find the latter invaluable.



