
Tuesday, January 13, 2009

How to remove or block Conficker worm infections.

Windows worm infection accelerates... Conficker variants A, B, C

Conficker is a worm that spreads via networks and USB drives. On USB drives it will create an Autorun.inf on your flash drive. We can remove that shit. Go to the command prompt (cmd), then type:

del c:\autorun.* /f/s/q/a
del x:\autorun.* /f/s/q/a

* where "x" is your usb drive letter.

Now there's a 3-meg update for Windows XP (KB950582). When you install it, it resolves an issue in which AutoRun features were not correctly disabled. Download site: [http://www.microsoft.com/downloads/details.aspx?FamilyId=CC4FB38C-579B-40F7-89C4-1721D7B8DAA5&displaylang=en]

 

USB drive problem solved! On the net side...

Conficker "opens a random port between port 1024 and 10000 and acts like a web server." To cut this blog post short (Carl is getting a bit sleepy): log in to your home/SOHO router, then go to Access Restriction. Block ports 1024 up to 10,000, both TCP and UDP. If you have a Linksys WRT, here's how: click Add/Edit Service.





The Conficker worm attempts to brute-force usernames and passwords and takes advantage of the Server Service vulnerability in Windows, which allows for remote code execution. The worm also auto-updates itself every day from a long list of URLs, so it looks like it's preparing for a larger attack.

Remember to turn off the AutoRun feature for USB drives on your machines. Patch your servers and workstations by visiting Microsoft Security Bulletin MS08-067.

Make sure your antivirus and security solution is up-to-date on the latest version and signature database.


Here's another yummy tip: if you think/feel you're infected, go to this site and download the Stinger. Yup, it's free at http://vil.nai.com/vil/stinger/

 

Download v10.0.0.482 [2,641,920 bytes] (01/10/2009)

download link: [http://download.nai.com/products/mcafee-avert/stinger10000482.exe] 

 

After downloading, reboot your PC in safe mode, then isolate it from the net/AP. Then run the scan, but be sure to check the necessary checkboxes. Here's how:


other related stuff:

microsoft malware and protection center: http://blogs.technet.com/mmpc/archive/2008/11/25/more-ms08-067-exploits.aspx

 

for fortimanager's: http://www.fortiguardcenter.com/reports/MS08-067-Conficker.html

 

New wave of botnet attack solved. There's no place like 127.0.0.1   hehehe.. goodnight Earth. 

 

 

["My neck my back" photo by: E. Lee]

3 comments:

Anonymous said...

more info at:
http://tools.cisco.com/security/center/viewAlert.x?alertId=17121

Anonymous said...

Remember to block port 137, 138, 139 and 445.

Anonymous said...

Conficker's Autorun (Fix)

Install this update to resolve an issue in which AutoRun features were not correctly disabled.

http://www.microsoft.com/downloads/details.aspx?FamilyId=CC4FB38C-579B-40F7-89C4-1721D7B8DAA5&displaylang=en
