It was actually supposed to start on 1 April: Conficker, the worm said to have infected up to ten million PCs, was expected to strike, and possibly significant damage was feared.
What happened was almost nothing. In fact, only an update of the original worm spread, carrying an extensive database of addresses for contact points on the network from which it will obtain updates in the future.
Computer worm Conficker: What do the malware's programmers have in mind?
The security experts waited a few more days, then cautiously gave the all-clear: as on two previous occasions, Conficker simply appeared to do nothing. It remained a "sleeper", however, expert circles said, one that could become active at any time - and that is exactly what seems to be happening now.
On the night of 8 April, Conficker contacted a peer-to-peer site in Korea and downloaded a file, report the virus researchers at Trend Micro. It may be a keylogger or a similar program that tries to spy out data, says Trend Micro manager David Perry. The new malware apparently uses rootkit techniques to disguise its presence on the PC.
By analysing the encrypted file, the experts found that the new program carries 3 May as a date. On that day, according to Trend Micro, it will adjust its activity. Until then, however, it connects at random to one of the following websites:
Myspace.com
msn.com
ebay.com
cnn.com
aol.com
Virus experts suspect that the software does this to check, on the one hand, the Internet connection of its host PC and, on the other, the relevant date. The main finding of the analysis so far, however, is that the botnet Conficker has built from hijacked PCs is now apparently fully functional and is being used to distribute worm updates. A trial run, then?
In any case, this zombie network is also distributing a new Conficker variant, which Trend Micro designates WORM_DOWNAD.E. This variant attempts to contact servers that have long been known to be associated with the Storm botnet, which was built by malicious software called Waledac.
The virus researchers are still in the dark about the purpose of this connection, but they now suspect that one and the same group of cyber-criminals stands behind Downadup/Conficker, Storm and Waledac. Moreover, they assume that the danger posed by Conficker is now likely to grow.
CONFICKER: WHO IS AT RISK?
Safe computers:
Computers running an operating system other than Windows are not affected. Also safe are Windows PCs that have a strong password, whose shared folders/drives are secured, that have the latest security updates installed and that have an antivirus program which detects and can delete Conficker/Downadup. Autorun should be disabled.
Unsafe computers:
Windows systems that are protected on the network only by a weak password, that have not received the latest security updates, or whose virus scanner and update functions have already been put out of action by the worm. Also individual computers whose shared folders/drives are not secured. Desktop computers with weak password protection, the autorun feature enabled, unsecured shared directories and antivirus software that has already been compromised.
It is all the more important for PC users to scan their computers for the pest now and, where necessary, remove Conficker. To do so, first use the tools provided free of charge by the University of Bonn, then install all Windows updates, and finally bring the antivirus software up to the latest version. The correct order is important: as long as Conficker is still wreaking havoc on the system, it obstructs the work of antivirus software.
ABOUT THE WORM: HOW TO PROTECT COMPUTERS AGAINST CONFICKER
The most important answers at a glance: how Conficker works, what you should do, and where you can find free tools to remove the malicious software.
How the worm proceeds
The first method of attack targets a vulnerability in Microsoft's server software. The worm, also called Downadup, then spreads within networks without the computer users themselves having to do anything: it tries to crack administrator passwords with the help of software. If this succeeds, the worm can spread freely within the network. In a third phase, the worm spreads to mobile devices that are connected to an infected computer system, for example via a USB interface. In addition, the worm searches networks for shared folders and network drives. Computers that connect to such a network resource are also affected. The Downadup worm primarily targets corporate networks, but personal computers can be infected as well.
Windows updates
Since Downadup first of all freezes the automatic update features of Windows and of antivirus software, you should try to start these updates manually. Home users will find the Windows function by clicking the Start icon, then "Help and Support", then "bring the computer up to date with Windows Update".
USB Autorun function
First of all, you should switch off the autorun feature for USB flash drives. Unfortunately this is not trivial and requires a change to the registry: if you are not able to do this yourself, ask someone who really knows how. Improper changes to the registry can seriously impair the functioning of the PC. The autorun function can also be disabled temporarily with a trick: simply press and hold the Shift key while plugging in a USB stick or other removable drive. Release the key only after the drive has been reported.
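The points above (autorun state, frozen update functions, unsecured shares) can be checked with a short read-only PowerShell audit. This is an added example, not part of the original article; the registry value NoDriveTypeAutoRun and the service names wuauserv and BITS are assumptions that the article itself does not name.

```powershell
# Added example: read-only audit of the hardening points the article lists.
# Assumptions (not from the article): the NoDriveTypeAutoRun policy value and
# the service names wuauserv (Windows Update) and BITS.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Test-AutorunDisabled {
    # NoDriveTypeAutoRun is a bitmask of drive types; 0xFF switches AutoRun off for all of them.
    $prop = Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    return ($null -ne $prop) -and (($prop.NoDriveTypeAutoRun -band 0xFF) -eq 0xFF)
}

function Get-UpdateServiceState {
    # The article says the worm freezes automatic updates.
    # A StartMode of 'Disabled' on these services is the value to look into.
    Get-CimInstance Win32_Service -Filter "Name='wuauserv' OR Name='BITS'" |
        Select-Object Name, StartMode, State
}

function Get-UserShare {
    # Type 0 is an ordinary disk share; administrative shares (C$, ADMIN$) carry a different type.
    Get-CimInstance Win32_Share |
        Where-Object { $_.Type -eq 0 } |
        Select-Object Name, Path
}

function Disable-Autorun {
    # Not called by the audit. Run from an elevated session to apply the registry change.
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey | Out-Null   # create the key only if it is missing
    }
    Set-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

"AutoRun disabled for all drive types: $(Test-AutorunDisabled)"
Get-UpdateServiceState | Format-Table -AutoSize
Get-UserShare | Format-Table -AutoSize
```

Every share the last command lists should be reviewed for who may access it and with what password.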
Checking the computer with free tools
Anyone who wants to be sure that their computer is clean can use one of the specialized tools from the IT security companies or rely on a Linux live CD. Some companies offer such a thing as an ISO image for download: you burn the downloaded file to a CD. The CD is bootable and starts a lightweight Linux system, with which the hard drive of the infected computer can be examined using current antivirus scanners, bypassing the installed operating system.
FREE CONFICKER HELPERS
Heise Security: background on using the tools
Microsoft tutorial: Protect yourself from Conficker
Microsoft tool: Malicious Software Removal Tool
Symantec instructions: the Conficker worm
Enigma Software: Conficker Removal Tool
Kaspersky tool: KidoKiller