'Huge increase' in worm attacks plague unpatched Windows PCs


YoKenny

'Huge increase' in worm attacks plague unpatched Windows PCs

Microsoft scolds users who never applied October's emergency update

By Gregg Keizer

 

January 12, 2009 (Computerworld) A computer worm that exploits a Windows bug Microsoft Corp. patched more than two months ago continues to wreak havoc, a security company said today, as it boosted its overall threat ranking and warned users to patch their PCs.

 

"We've seen a huge increase in the number of [malware] samples, as well as infections," said Ryan Sherstobitoff, chief corporate evangelist at Panda Security, referring to the "Conficker.c" worm.

http://www.computerworld.com/action/articl...p;source=NLT_PM

 

Today is Patch Tuesday so patches should be available by 3:00pm EST

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user


Hence the reason not to turn off Automatic Updates. ;)

Don't you want to reach out and touch one of the Security Experts that often recommend turning it off because they are paranoid that Microsoft may be spying on them? :P

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user


One good thing to do is to close some of Windows' pesky ports that you don't need anyway, like these ports: DCOM, RPC, Universal Plug N Play and Messenger (has nothing to do with MSN Messenger). You can close all those ports with this utility: http://www.firewallleaktester.com/wwdc.htm (Compatible: Windows 2000 / XP / 2003 Server)

 

But NOTE: Do not close NetBIOS, because you can lose your internet connection. Use this method instead: http://irt.stanford.edu/security/howto/disable-netbios.html

Steven Gibson's tiny utilities help with these:

 

DCOMbobulator http://www.grc.com/freeware/dcom.htm

Shoot The Messenger http://www.grc.com/stm/shootthemessenger.htm

UnPlug n' Pray http://www.grc.com/unpnp/unpnp.htm

 

Test your ports https://www.grc.com/x/ne.dll?bh0bkyd2

Note: Your router or hardware firewall will block these probes.

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user

Yeah, but that WWDC is also good, and comes with "all in one". It's also just one single file and 50,0kt.


Yesterday downloaded some security stuff with Vista. Scanned with Secunia and looks like everything is fine.

From my perspective, winvista club is a very good forum for all things Windows related.
They have helped me and many others in the past. Excellent hints and advice!

Virus alert about the Win32/Conficker.B worm

Symptoms of infection

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

  • Account lockout policies are being tripped.

  • Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.

  • Domain controllers respond slowly to client requests.

  • The network is congested.

  • Various security-related Web sites cannot be accessed.

For more information about Win32/Conficker.b, visit the following Microsoft Malware Protection Center Web page:

http://www.microsoft.com/security/portal/Entry.aspx?Name=Win32/Conficker

 

Propagation methods

Win32/Conficker.B has multiple propagation methods. These include the following:

  • Exploitation of the vulnerability that is patched by security update 958644 (MS08-067)

  • The use of network shares

  • The use of AutoPlay functionality

Recovery

Run the Malicious Software Removal tool

The Microsoft Malware Protection Center has updated the Malicious Software Removal tool (MSRT). This is a stand-alone binary that is useful in the removal of prevalent malicious software, and it can help remove the Win32/Conficker malware family.

 

You can download the MSRT from either of the following Microsoft Web sites:

http://www.update.microsoft.com

http://support.microsoft.com/kb/890830

http://support.microsoft.com/kb/962007

 

Flash Disinfector is a Flash Malware removing tool created by courtesy of sUBs. It's a neat and handy tool to handle all of the messes done by those pesky flash malwares. By no means this tool nor this article will guarantee that your pc is 100% clean, it just acts as a reference.

 

Flash Disinfector will target the following Flash malwares(in general):

 

W32/Perlovga (copy.exe | host.exe)

VBS_RESULOWS.A (Hacked by Godzilla, Hacked by Moozilla)

Bha.dll.vbs

w32automa worm (Autorun.vbs)

Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe)

W32/RJump.worm (RavMonE)

Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe)

W32.Fujacks.BH (f***er.vbs)

WORM_AGENT.PGV (soundmix.exe)

W32/Hakaglan.worm (RVHost.exe)

Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe)

Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)

 

What will Flash Disinfector Do

- Clean up junks created by flash malwares

- Deletes autorun.inf from every root folder

- Fix back damages done to your system

- Creates an autorun.inf folder in the root of your system drives

 

How To Use The Tool

 

*Please remember to disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

 

Mirror: http://download.bleepingcomputer.com/sUBs/...Disinfector.exe

 

Download Flash Disinfector by sUBs and save it to your desktop.

 

  • Double-click Flash_Disinfector.exe to run it. Follow any prompts that may appear.

  • Your desktop will vanish for a while, and then reappear. This is normal.

  • Wait until the program has finished scanning, then please exit the program.

  • Restart your computer and see if problem still persists.

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user
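
The symptoms and propagation methods listed in the post above can be checked on a single host. The PowerShell below is an added example, not part of the original thread or of Microsoft's advisory; it assumes PowerShell 3.0 or later on Windows, and the service short names are assumptions that vary by Windows version.

```powershell
# Added example: triage one Windows host for the indicators listed in the post.
$report = [ordered]@{}

# 1. Security update 958644 (MS08-067). Get-HotFix reads Win32_QuickFixEngineering,
#    so a fix delivered inside a later service pack will not show under this KB id.
$kb = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
$report['KB958644 installed'] = [bool]$kb

# 2. Services the post lists as being disabled on infected machines.
#    Short names are assumptions; ERSvc exists on XP/2003, WerSvc on Vista and later.
$services = [ordered]@{
    wuauserv  = 'Automatic Updates'
    BITS      = 'BITS'
    WinDefend = 'Windows Defender'
    ERSvc     = 'Error Reporting (XP/2003)'
    WerSvc    = 'Error Reporting (Vista and later)'
}
foreach ($name in $services.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    # StartMode is 'Auto', 'Manual' or 'Disabled'; 'Disabled' matches the symptom.
    if ($svc) { $report["$($services[$name]) start mode"] = $svc.StartMode }
}

# 3. AutoPlay propagation: NoDriveTypeAutoRun = 0xFF turns AutoRun off for every
#    drive type. A missing value means the machine-wide policy is not set.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
$report['AutoRun disabled for all drive types'] = ($policy.NoDriveTypeAutoRun -eq 0xFF)

# 4. autorun.inf at drive roots. Only files are reported: an autorun.inf *folder*
#    is the placeholder Flash Disinfector creates and is not an indicator.
$roots = Get-PSDrive -PSProvider FileSystem |
    Where-Object { $_.Root -and (Test-Path -LiteralPath $_.Root) }
$autoruns = foreach ($drive in $roots) {
    $path = Join-Path $drive.Root 'autorun.inf'
    if (Test-Path -LiteralPath $path -PathType Leaf) { $path }
}
$report['autorun.inf files at drive roots'] = ($autoruns -join ', ')

[pscustomobject]$report | Format-List
```

An autorun.inf file on a vendor CD or installer drive is normal, so review each reported path rather than treating it as proof of infection.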


Yo! Kenny! Have you tried that Flash Disinfector thingy yet? :mellow:

Yup.

 

On all of my Flash cards and even my Sony Walkman NWZ-B103

 

Close all applications first as it closes down explorer.exe plus browser windows then restarts explorer.exe

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user


'Amazing' worm attack infects 9 million PCs

Biggest infection in years, says Finnish security firm

 

January 16, 2009 (Computerworld) Calling the scope of the attack "amazing," security researchers at F-Secure Corp. today said that 6.5 million Windows PCs have been infected by the "Downadup" worm in the last four days, and that nearly 9 million have been compromised in just over two weeks.

http://www.computerworld.com/action/articl...ticleId=9126205

 

Note: Downadup is the same as Conficker

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user


Update included said malicious tool thingy. :)

From my perspective, winvista club is a very good forum for all things Windows related.
They have helped me and many others in the past. Excellent hints and advice!

  • 4 weeks later...
OpenDNS rolls out Conficker tracking, blocking

Downadup on notice

By Dan Goodin in San Francisco

Posted in Security, 7th February 2009 21:32 GMT

 

With an estimated 10 million PCs infected by the stealthy worm known as Conficker, it's a good bet that plenty of administrators are blissfully unaware that their networks are playing host to the pest. Now, a free service called OpenDNS is offering a new feature designed to alert administrators to the damage and help them contain it.

http://www.theregister.co.uk/2009/02/07/op...cker_protection

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user


Microsoft, Symantec, VeriSign join forces to fight Downadup worm

Microsoft offers $250,000 for info on hackers; ICANN involved in effort, too

 

By Gregg Keizer

 

February 12, 2009 (Computerworld) Nearly 20 technology companies and organizations are combining forces to disrupt the command-and-control infrastructure of the rapidly spreading Downadup worm, prompted by infection rates of nearly 2.2 million machines each day.

http://www.computerworld.com/action/articl...tsrc=hm_ts_head

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user
