Monday, January 19, 2009

Win32/Conficker.B/Downadup Infections

There has been a lot of publicity recently about the Win32/Conficker.B/Downadup infections. These are the infections that were addressed by the out-of-band update in October, MS08-067. People with unpatched systems are experiencing system lockout and other problems.

Technical Background

Win32/Conficker.B exploits a vulnerability in the Windows Server service (SVCHOST.EXE) for Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows 2008. While Microsoft addressed this issue in October with Microsoft Security Bulletin MS08-067, and Forefront antivirus and OneCare (as well as other vendor’s anti-virus products) helped protect against infections, many systems that have not been patched manually through Server Update Services and Microsoft/Windows Update or through Automatic Updates have recently come under attack by this worm. Attacked systems may lock out users, disable our update services and block access to security-related Web sites:

In response to this threat, Microsoft has:

  • Updated the January version of the Malicious Software Removal Tool (MSRT) to detect and remove variants of Win32/Conficker.B. You can download this version from the MSRT from either the Microsoft Update site or through its associated Knowledge Base article.

Fellow MVP Harry Waldron has provided some excellent coverage of this worm. The figures are quite scary because this is not the easiest infection to remove. See Harry's recent posts on this worm:

If security updates are not up-to-date on your computer, I strongly recommend that you download and run the MSRT and then apply the security update MS08-067 as soon as possible.

References
:





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: