
Conficker The Deadliest Malware Of The Decade













Conficker was the first malware to affect businesses very badly in the last 2 years. Sophos was the first security firm to detect the threat and report the Microsoft vulnerability, which lets this malware exploit the machine's two critical services responsible for communication, i.e. the Server service and the Workstation service.

This malware exploits Microsoft's MS08-067 vulnerability, and as a result the security sites and Microsoft's sites do not open on the machine. The risk of getting infected therefore gets higher, since the security application can't fetch updates from its databank. And since the system is not up to date and hence does not have the anti-virus IDEs, the malware tries to spread via the network (network shares), removable media, etc.
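A quick triage check for the symptom described above, as an added example that is not part of the original post: it compares whether security and update sites resolve through the operating system's resolver against unrelated control sites. The host lists and function names are assumptions chosen for illustration, and a "suspicious" verdict is a reason to scan the machine, not proof of infection.

```python
import socket

# Assumed host lists (not from the original post): security and update sites
# of the kind the post says stop opening, plus unrelated control names.
SECURITY_HOSTS = ["www.sophos.com", "www.microsoft.com", "update.microsoft.com"]
CONTROL_HOSTS = ["www.wikipedia.org", "www.example.com"]


def system_resolver(host):
    """Resolve through the OS resolver, the same path a browser or AV updater uses."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def check_blocking(resolver=system_resolver,
                   security_hosts=SECURITY_HOSTS, control_hosts=CONTROL_HOSTS):
    """Return (verdict, blocked_security_hosts) for triage."""
    sec = {h: resolver(h) for h in security_hosts}
    ctl = {h: resolver(h) for h in control_hosts}
    blocked = sorted(h for h, ok in sec.items() if not ok)
    if not any(ctl.values()):
        # Nothing resolves at all: a network or DNS outage, not evidence.
        verdict = "inconclusive"
    elif blocked:
        # Control names resolve but at least one security name does not.
        verdict = "suspicious"
    else:
        # Symptom not present; this alone does not prove the machine is clean.
        verdict = "symptom-absent"
    return verdict, blocked


if __name__ == "__main__":
    verdict, blocked = check_blocking()
    print("verdict:", verdict)
    for host in blocked:
        print("could not resolve:", host)
```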

To tackle all these issues, we need to secure our systems against zero-day threats by having a good firewall installed on the machine, which can block the malware from spreading or report the security breach to you.

Having said that, the Conficker malware still haunts the web. It has been modified by virus writers, and many variants are known: Mal/Conficker-A, Mal/Confick-Dam, Mal/Conficker-B, Mal/ConfInf-A, Troj/ConfData-A, Troj/ConfDr-B, Troj/ConfDr-C, Troj/ConfDr-Gen, W32/ConfDr-Gen, W32/Confick-A, W32/Confick-B, W32/Confick-C, W32/Confick-D, W32/Confick-F, W32/Confick-G, W32/Confick-H, W32/Confick-I, W32/Confick-K, W32/Confick-L, W32/Confick-M, W32/ConfikMem-A, W32/ConfikMem-B.

This malware is not detected by the virus scanner itself because its processes are hidden, so an anti-rootkit mechanism is used to find the malware, which is then removed using a specific tool.

Most of the operating systems, whether Windows 2000, XP, or the 2003/2008 server versions, have not been patched with the MS08-067 security patch from Microsoft.
So the first objective is to patch the machine with Microsoft's MS08-067 patch, using the download link below for the respective operating system.

Windows XP SP2 - http://download.microsoft.com/download/4/f/a/4fabe08e-5358-418b-81dd-d5038730b324/WindowsXP-KB958644-x86-ENU.exe

Windows XP SP3 - http://download.microsoft.com/download/4/f/a/4fabe08e-5358-418b-81dd-d5038730b324/WindowsXP-KB958644-x86-ENU.exe

Windows Vista - http://download.microsoft.com/download/d/c/0/dc047ab9-53f8-481c-8c46-528b7f493fc1/Windows6.0-KB958644-x86.msu

Windows Server 2003 SP1 - http://download.microsoft.com/download/e/e/3/ee322649-7f38-4553-a26b-a2ac40a0b205/WindowsServer2003-KB958644-x86-ENU.exe

Windows Server 2003 SP2 - http://download.microsoft.com/download/e/e/3/ee322649-7f38-4553-a26b-a2ac40a0b205/WindowsServer2003-KB958644-x86-ENU.exe

Windows Server 2008 - http://download.microsoft.com/download/4/9/8/498e39f6-9f49-4ca5-99dd-761456da0012/Windows6.0-KB958644-x86.msu


Then download the Conficker removal utility from the link below:

http://downloads.sophos.com/custom-tools/conficker-removal-tool.msi

Install this tool and run the scan. It will take some time, depending on your data volume. When the scan finishes it will ask for a reboot, and the malware will be removed.

So the moral of the whole article is to keep your system updated with the latest Microsoft patches and to have the best security defence, as mentioned in my previous article: http://rise-of-the-pheonix.blogspot.com/2010/04/computer-security-applications.html

Hope this article will help you.


P.S.: For any query, feel free to get back to me in the TALK TO ME section or post your comment here.

Reference: www.sophos.com
