Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MS08-067 Conficker Worm - Mitigation Resources


  • Please log in to reply
1 reply to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:11:44 PM

Posted 20 January 2009 - 06:33 AM

The following Microsoft resources have been published to help mitigate Win32/Conficker.B infections

Posted Image MS08-067
Posted Image Malicious Software Removal tool
Posted Image Win32/Conficker.B

QUOTE: In response to this threat, Microsoft has:

Updated the January version of the MSFT to detect and remove variants of Win32/Conficker.B. You can download this version from the MSRT from either the Microsoft Update site or through its associatedKnowledge Base article.

Created the KB article 962007 Virus alert about the Win32/Conficker.B worm to provide public details on the symptoms and removal methods available to address this issue.

Announced the release of the items and the virus threat itself on the Microsoft Malware Protection Center blog.


Plus some good additional resources that I hope may be helpful ...

Informative article on what corporate IT security departments should have in place to prevent the current 3-pronged attacks:

-- Patch Management (patching plus testing to ensure everything is up-to-date)
-- Reduce/Eliminate Autorun for removable devices and wide-open network shares
-- Test/Strengthen passwords


Trend Blog - Good Corporate Security Policies can prevent Conficker infections
http://blog.trendmicro.com/security-policy...wnad-infection/


Posted Image An estimated 33% of users are not up-to-date on security patches, as noted in the Computerworld article. Staying up-to-date on security patches and AV updates can provide protection. These latest MS08-067 attacks have been more potent, so please research the links at the bottom to ensure you are up-to-date.

COMPUTERWORLD: 1 in 3 Windows PCs vulnerable to worm attack
http://www.computerworld.com/action/...icleId=9126038

QUOTE: January 15, 2009 (Computerworld) The worm that has infected several million Windows PCs is causing havoc because nearly a third of all systems remain unpatched 80 days after Microsoft Corp. rolled out an emergency fix, a security expert said today.

Microsoft - Windows Update Web Site

Microsoft - Security at Home (learn security basics)

Secunia PSI - Can check your system for missing updates

Techniques for disabling AUTORUN for USB plug-in devices

http://technet.microsoft.com/en-us/m...ritywatch.aspx
http://support.microsoft.com/kb/953252
http://nick.brown.free.fr/blog/2007/...ick-worms.html

MS08-067 Conficker worm - F-Secure offers free removal tools
ftp://ftp.f-secure.com/anti-virus/tools/beta/fsmrt.zip
ftp://ftp.f-secure.com/anti-virus/to...f-downadup.zip

BC AdBot (Login to Remove)

 


#2 tork

tork

  • Members
  • 718 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:here
  • Local time:11:44 PM

Posted 22 January 2009 - 11:43 AM

harrywaldron,

thanks for the comprehensive coverage you are providing on this topic.

tork




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users