YoKenny - Posted January 13, 2009

'Huge increase' in worm attacks plague unpatched Windows PCs
Microsoft scolds users who never applied October's emergency update

By Gregg Keizer
January 12, 2009 (Computerworld)

A computer worm that exploits a Windows bug Microsoft Corp. patched more than two months ago continues to wreak havoc, a security company said today, as it boosted its overall threat ranking and warned users to patch their PCs.

"We've seen a huge increase in the number of [malware] samples, as well as infections," said Ryan Sherstobitoff, chief corporate evangelist at Panda Security, referring to the "Conficker.c" worm.

http://www.computerworld.com/action/articl...p;source=NLT_PM

Today is Patch Tuesday so patches should be available by 3:00pm EST

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein
IE7Pro user

Andavari (Moderators) - Posted January 13, 2009

Hence the reason not to turn off Automatic Updates.

YoKenny - Posted January 13, 2009

> Hence the reason not to turn off Automatic Updates.

Don't you want to reach out and touch one of the Security Experts that often recommend turning it off because they are paranoid that Microsoft may be spying on them?

CeeCee - Posted January 13, 2009

One good thing to do is close some of Windows' pesky ports that you don't need anyway. Like these ports: DCOM, RPC, Universal Plug N Play and Messenger (has nothing to do with MSN Messenger).

You can close all those ports with this utility: http://www.firewallleaktester.com/wwdc.htm (Compatible : Windows 2000 / XP / 2003 server)

But NOTE: Do not close NetBIOS, because you can lose your internet connection. Use this method instead: http://irt.stanford.edu/security/howto/disable-netbios.html

Path Copy TeraCopy Unlocker

YoKenny - Posted January 13, 2009

> One good thing to do is close some of Windows' pesky ports that you don't need anyway. Like these ports: DCOM, RPC, Universal Plug N Play and Messenger (has nothing to do with MSN Messenger).
> You can close all those ports with this utility: http://www.firewallleaktester.com/wwdc.htm (Compatible : Windows 2000 / XP / 2003 server)
> But NOTE: Do not close NetBIOS, because you can lose your internet connection. Use this method instead: http://irt.stanford.edu/security/howto/disable-netbios.html

Steven Gibson's tiny utilities help with these:
- DCOMbobulator http://www.grc.com/freeware/dcom.htm
- Shoot The Messenger http://www.grc.com/stm/shootthemessenger.htm
- UnPlug n' Pray http://www.grc.com/unpnp/unpnp.htm
- Test your ports https://www.grc.com/x/ne.dll?bh0bkyd2

Note: Your router or hardware firewall will block these probes.

CeeCee - Posted January 13, 2009

> Steven Gibson's tiny utilities help with these:
> - DCOMbobulator http://www.grc.com/freeware/dcom.htm
> - Shoot The Messenger http://www.grc.com/stm/shootthemessenger.htm
> - UnPlug n' Pray http://www.grc.com/unpnp/unpnp.htm
> - Test your ports https://www.grc.com/x/ne.dll?bh0bkyd2
> Note: Your router or hardware firewall will block these probes.

Yeah, but that WWDC is also good, and comes with "all in one". It's also just one single file and 50,0kt.

Xion44 - Posted January 15, 2009

Yesterday downloaded some security stuff with Vista. Scanned with Secunia and looks like everything is fine.

From my perspective, winvista club is a very good forum for all things windows related. They have helped me and many others in the past. Excellent hints and advice!
System specifications and current apps and programs running
Funniest moment during bush administration

YoKenny - Posted January 16, 2009

Virus alert about the Win32/Conficker.B worm

Symptoms of infection

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:
- Account lockout policies are being tripped.
- Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
- Domain controllers respond slowly to client requests.
- The network is congested.
- Various security-related Web sites cannot be accessed.

For more information about Win32/Conficker.b, visit the following Microsoft Malware Protection Center Web page: http://www.microsoft.com/security/portal/Entry.aspx?Name=Win32/Conficker

Propagation methods

Win32/Conficker.B has multiple propagation methods. These include the following:
- Exploitation of the vulnerability that is patched by security update 958644 (MS08-067)
- The use of network shares
- The use of AutoPlay functionality

Recovery

Run the Malicious Software Removal tool

The Microsoft Malware Protection Center has updated the Malicious Software Removal tool (MSRT). This is a stand-alone binary that is useful in the removal of prevalent malicious software, and it can help remove the Win32/Conficker malware family.

You can download the MSRT from either of the following Microsoft Web sites:
- http://www.update.microsoft.com
- http://support.microsoft.com/kb/890830

http://support.microsoft.com/kb/962007

Flash Disinfector is a Flash Malware removing tool created by courtesy of sUBs. It's a neat and handy tool to handle all of the messes done by those pesky flash malwares. By no means this tool nor this article will guarantee that your pc is 100% clean, it just acts as a reference.

Flash Disinfector will target the following Flash malwares (in general):
- W32/Perlovga (copy.exe | host.exe)
- VBS_RESULOWS.A (Hacked by Godzilla, Hacked by Moozilla)
- Bha.dll.vbs
- w32automa worm (Autorun.vbs)
- Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe)
- W32/RJump.worm (RavMonE)
- Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe)
- W32.Fujacks.BH (f***er.vbs)
- WORM_AGENT.PGV (soundmix.exe)
- W32/Hakaglan.worm (RVHost.exe)
- Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe)
- Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)

What will Flash Disinfector Do
- Clean up junks created by flash malwares
- Deletes autorun.inf from every root folder
- Fix back damages done to your system
- Creates an autorun.inf folder in the root of your system drives

How To Use The Tool

*Please remember to disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

Mirror: http://download.bleepingcomputer.com/sUBs/...Disinfector.exe
- Download Flash Disinfector by sUBs and save it to your desktop.
- Double-click Flash_Disinfector.exe to run it. Follow any prompts that may appear.
- Your desktop will vanish for a while, and then reappear. This is normal.
- Wait until the program has finished scanning, then please exit the program.
- Restart your computer and see if problem still persists.

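An added example, not part of the post above and not code from Flash Disinfector or Microsoft: a small Python audit for the AutoPlay vector the alert lists. It reports which programs an autorun.inf on a drive root would launch and recognises the placeholder autorun.inf folder the post says the tool creates; the sample bytes, file names and function names are constructed for illustration.

```python
import os
import re

# Keys in the [autorun] section that make Windows run or offer a program.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample: launch entries mixed with a junk line.
SAMPLE = (b"[AutoRun]\r\n\x00\x8f junk line\r\n"
          b"open=RECYCLER\\tool.exe\r\n"
          b"shell\\open\\command = RECYCLER\\tool.exe\r\n"
          b"icon=folder.ico\r\n")


def parse_autorun(raw):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    # latin-1 never raises, so unreadable bytes cannot hide later entries.
    for line in raw.decode("latin-1").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(raw):
    """List the (key, command) pairs that would start a program."""
    return [(k, v) for k, v in parse_autorun(raw).items()
            if k in LAUNCH_KEYS or SHELL_COMMAND.match(k)]


def audit_root(root):
    """Classify a drive root as 'folder', 'absent', 'launches' or 'inert'."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "folder"  # placeholder folder, as the post says the tool creates
    if not os.path.isfile(path):
        return "absent"
    with open(path, "rb") as fh:
        return "launches" if launch_commands(fh.read()) else "inert"


if __name__ == "__main__":
    for key, command in launch_commands(SAMPLE):
        print(key, "->", command)
```

Call `audit_root` on the root of each removable drive; a result of "launches" means the file names a program to run and deserves a closer look before the drive is opened in Explorer.
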
Corona - Posted January 16, 2009

Yo! Kenny! Have you tried that Flash Disinfector thingy yet?

YoKenny - Posted January 16, 2009

> Yo! Kenny! Have you tried that Flash Disinfector thingy yet?

Yup. On all of my Flash cards and even my Sony Walkman NWZ-B103.

Close all applications first as it closes down explorer.exe plus browser windows then restarts explorer.exe.

YoKenny - Posted January 17, 2009

'Amazing' worm attack infects 9 million PCs
Biggest infection in years, says Finnish security firm

January 16, 2009 (Computerworld)

Calling the scope of the attack "amazing," security researchers at F-Secure Corp. today said that 6.5 million Windows PCs have been infected by the "Downadup" worm in the last four days, and that nearly 9 million have been compromised in just over two weeks.

http://www.computerworld.com/action/articl...ticleId=9126205

Note: Downadup is the same as Conficker

Xion44 - Posted January 17, 2009

Update included said malicious tool thingy.

YoKenny - Posted February 8, 2009

OpenDNS rolls out Conficker tracking, blocking
Downadup on notice

By Dan Goodin in San Francisco
Posted in Security, 7th February 2009 21:32 GMT

With an estimated 10 million PCs infected by the stealthy worm known as Conficker, it's a good bet that plenty of administrators are blissfully unaware that their networks are playing host to the pest.

Now, a free service called OpenDNS is offering a new feature designed to alert administrators to the damage and help them contain it.

http://www.theregister.co.uk/2009/02/07/op...cker_protection

YoKenny - Posted February 13, 2009

Microsoft, Symantec, VeriSign join forces to fight Downadup worm
Microsoft offers $250,000 for info on hackers; ICANN involved in effort, too

By Gregg Keizer
February 12, 2009 (Computerworld)

Nearly 20 technology companies and organizations are combining forces to disrupt the command-and-control infrastructure of the rapidly spreading Downadup worm, prompted by infection rates of nearly 2.2 million machines each day.

http://www.computerworld.com/action/articl...tsrc=hm_ts_head