Alert (TA09-088A) Conficker Worm Targets Microsoft Windows Systems Original release date: March 29, 2009 Show
Conficker Worm affected Microsoft Windows . Conficker is a worm that first surfaced late in 2008, taking advantage of a security flaw in Microsoft’s Windows operating system to spread on its own. Several variants of Conficker have surfaced since the original. Computers infected with Conficker become part of an army of compromised computers and could be used to launch attacks on Web sites, distribute spam, host phishing Web sites or other nefarious activities. Conficker.C, could activate on April 1, 2009—April Fool’s Day—and start another assault on Windows computers. While this may be a prank, you should make sure your computer systems are protected against this pest. Once it is on a computer, Conficker digs itself in by attempting to deactivate security software and sabotage its tools to remove it. If you notice that you’re unable to access Web sites such as www.mcafee.com or your security software is acting up, that could be a sign that your system was infected by Conficker. This Conficker impact a remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. Ways to remove it or prevent infection from Conficker To protect against Conficker isn’t hard. There are two basic things that will ensure a Windows computer is shielded against the worm:
The way to remove Conficker Using W32.Downadup Removal Tool from Symantec, This tool is designed to remove the infections of:
Follow these steps to download and run the tool:
Note: If you are sure that you are downloading this tool from the Security Response Web site, you can skip this step. If you are not sure, or are a network administrator and need to authenticate the files before deployment, follow the steps in the “Digital signature” section before proceeding with step 4.
How to disable or enable Windows Me System Restore How to turn off or turn on Windows XP System Restore
When the tool has finished running, then will see a message indicating whether the threat has infected the computer. The tool displays results similar to the following:
What the tool does
US-CERT encourages users to take the following preventative measures to help prevent a Conficker/Downadup infection:
Technical Brief Description: Android package file Package name: app.rewards.amazon.com.amazonrewards Permissions
Once installed, the application will display an icon with a lowercase white letter A on a black background with an orange arrow beneath it.Functionality when the worm is executed, it sends an SMS message, claiming to be in relation to an Amazon gift voucher, to contacts on the compromised device in order to propagate itself. The worm then displays the following website on the compromised device’s default Web browser:
Recommendations Solution :Symantec Security Response encourages all users and administrators to adhere to the following basic security “best practices”: Which of the following is an advantage of Windows CE over other Windows embedded OSs?Which of the following is an advantage of Windows CE over other Windows embedded OSs? Its source code is available to the public.
Which of the following is the most efficient way to determine which OS a company is using quizlet?Which of the following is the most efficient way to determine which OS a company is using? Call the company and ask.
Which program can detect rootkits on Nix systems?The TDSSKiller tool is designed to detect and remove malware from the Rootkit.
What is the best method of preventing NetBIOS attacks?In addition to turning off the NetBIOS service, you can prevent misuse of the NetBIOS service by closing TCP & UDP port 137 in your Windows firewall.
|