Conficker?... (pg. 2)
XaNaX
keep the clock on your pc set to 3/31/09 forever
Scoops
Ania_xox
quote:
Originally posted by Zoso
Microsoft released the patch for this way back in October of 2008. Open Control Panel, then click Add/Remove Programs and make sure the "show updates" box is checked. Then look down under your XP updates for KB958644. This is the patch you want to have installed.



so if KB958644 appears under the list of XP updates, there is no need to DL anything?
Ania_xox
quote:
Originally posted by XaNaX
keep the clock on your pc set to 3/31/09 forever


:stongue: :stongue: :stongue:
Jake Benson
Does this affect MACs?
Rasidel Slika
a mac is a virus, in and of itself

it doesn't need any help
Dieselboy_1206
of course it doesn't affect Macs. Macs are the most perfect computer system ever. Perfect OS on hardware designed to work with the system. Nothing can crack the Mac OS . . . ever. . . forever.
Jake Benson
So did anything happen? Or was this just another Y2K?
Zoso
quote:
Originally posted by Jake Benson
So did anything happen? Or was this just another Y2K?


http://tech.slashdot.org/article.pl...9/04/01/1330201
Alccode
quote:
Originally posted by Zoso
http://tech.slashdot.org/article.pl...9/04/01/1330201


No no, that was an April Fools' joke. The chances of any article on Slashdot being legit on April 1st are next to none. Go back to that link and read the first paragraph:

quote:

Editor's Note: The following was written in the spirit of April Fool's Day. Brian is following the story and if there are real reports of outbreak, he'll report them in a separate post.


The fact is, Conficker's authors are in this for the money, and so are expressly not going to be making big splashes with it. Using worms to make PCs display pink screens and mess up your computer is so passé. These days it's all about making money. Renting your army of slave zombie computers to whatever criminal element (spammers, other hackers, fundamentalists, whatever) is willing to pay the cash.

NeoPhono
quote:
Originally posted by Jake Benson
So did anything happen? Or was this just another Y2K?


So far it has been a dud. It seems as if those computers that have been affected have been trying to contact various servers that were supposed to give the worm further instructions as to what havoc to wreak. It looks like none of the servers has actually had any further instructions to give though so nothing has happened. I guess it's possible bad stuff could still happen, if it is able to progress, but right now it almost seems like it was a huge April Fool's prank.
Alccode
There is more to Conficker than simply having the KB958644 Security Update patch from Oct'08, mentioned in a previous post. It can also infect you via unprotected network shares, a weak Administrator password, and via USB keys. I'll talk about all these below (step 3).

But first, note that Conficker only affects Windows machines, including XP and Vista. If you have one of these systems, you can read through the following info.

1. Check to see if you're infected

First, check to see if you're already infected. You can do so by trying to visit the following websites on any web browser on your Windows PC:

http://www.f-secure.com

http://www.secureworks.com

http://us.trendmicro.com

If you can't access these sites, but can otherwise surf the internet, then you might be infected.

2. Remove current infection (if applicable)

Although most antivirus products should be able to detect Conficker, the worm's mode of operation includes disabling all such software as soon as possible, upon infection, so you might not be able to resolve the problem this way. An alternative is to download a tool specifically to deal with the problem. Microsoft has a Malicious Software Removal Tool that removes Conficker (including a number of other malware), which you can find here:

http://www.microsoft.com/security/m...ve/default.mspx

If you think you're infected -- and even if you think you're not -- it's good to run the tool to make sure you are in the clear.

3. Protect yourself from future Conficker infections

There are a few elements to protecting yourself from Conficker, not all of which will be reasonable to apply in all cases. First of all, it's crucial to have the KB958644 security patch for Windows installed. If you've at all been keeping your machine up-to-date with Windows/Microsoft Update, this should have been installed automatically months ago (in October or November of last year).

You can check to see if you have it by going to Control Panel, then "Add/Remove Programs" (if using XP, and named slightly differently under Vista). At the top should be a checkbox titled, "Click to show updates". When all the list elements finish loading, scroll down the list and search for the Security Update KB958644. If it's not there, just run Windows/Microsoft Update. If you can't (pirated copy of Windows), you're out of luck. :toothless

The second way Conficker can infect you is if you have network shares that have no password. In this case, simply add passwords to them. You can look this up in Google since I don't know offhand how to do so (though it's probably somewhere in the "Sharing" tab of the Properties window for the share).

The third way is via an insecure Administrator account (i.e., weak password). You should have good passwords on all of your accounts, especially those with administrative privileges, especially the local, default "Administrator" account. Even if you only think you have one account on your system -- your own personal account with admin privileges -- you in fact also have an "Administrator" account, which should be visible in the User Accounts section in the Control Panel.

Note that for good passwords, length and variety are the key (especially length). If you have a relatively random-looking password that is not using a dictionary word, but only consisting of 8 characters, it will nevertheless be much, much easier to break than a password consisting of even 10, 12, or 14 characters. So if in doubt, add more characters to your password.

You can also entirely disable the local Administrator account as long as you have another account with administrator privileges (which should also have a strong password, just the same). You can do so by following the steps in this link (go to step 4., "Disable the local administrator account", under the "Prevention" section):

http://support.microsoft.com/kb/962007

The fourth way that Conficker can get on your PC is via an infected USB device (like a USB key) which has been previously infected. Basically what happens is that it implants a new entry in the autorun menu, on the top, that says "Click to open files" but is nevertheless listed as "Publisher Unknown". If you click on that element, the worm will be executed, and will infect your PC. So you should make sure not to click this! The real "Click to open files" menu item will appear further down in the list in this case.

To be 100% safe, you can simply disable autorun on your PC entirely, especially if you don't care to have it anyway:

http://support.microsoft.com/kb/967715/

Again, not all of the above solutions might be appropriate for everyone (e.g., if you have just one PC behind a router that connects to your local ISP, then the chances of getting infected via an unprotected network share are low; but if your machine is on a larger office network, the risk is much greater).

For more in-depth info on Conficker (including papers on security analysis of its inner workings), check out the following links:

Microsoft End-user Security Information

Microsoft Security Response blog

Detailed Technical Report on Conficker's workings

SANS Diary info for April 1st
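
Added example (not part of Alccode's post and not a Microsoft tool): a small Python check that reads the text of a USB drive's autorun.inf and reports the combination described in the post's fourth point, an entry that launches a program behind a menu label that looks like the normal open-files choice. The label pattern, the function names and both sample files are assumptions made for this illustration.

```python
import re

# [autorun] keys that make Windows start a program from the drive.
EXEC_KEYS = ("open", "shellexecute")
# Assumed heuristic: a label that imitates the normal "open the folder" choice.
LURE = re.compile(r"\bopen\b.*\b(files?|folder)\b", re.IGNORECASE)


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys.
    Lenient on purpose: comments, lines without '=' and other sections
    are skipped rather than raising, so padding cannot hide entries."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess(text):
    """Return human-readable findings for one autorun.inf file."""
    entries = parse_autorun(text)
    commands = [(k, v) for k, v in entries.items()
                if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]
    findings = [f"runs a program: {k}={v}" for k, v in commands]
    label = entries.get("action", "")
    if commands and LURE.search(label):
        findings.append(f"menu label imitates folder view: {label!r}")
    return findings


# Constructed samples, not taken from a real device.
SUSPICIOUS = """;padding
zzzz not a key
[AutoRun]
Action=Click to open files
ShellExecute=example.exe
"""
BENIGN = "[autorun]\nicon=vendor.ico\nlabel=Backup Drive\n"

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, assess(sample) or "no findings")
```

Read the file as text from the drive root without double-clicking the drive; an empty result means only that these two signals were absent.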