Conficker C: A Threat?

  • Conficker C: A Threat?

    http://www.maximumpc.com/article/new...pril_fools_day

    In the normal surfing one digs up plenty of trash, true or not. Quite a few tech sites seem to be buzzing with this attack primed on April 1st.

    So should we be pulling our hair out, or is this something that we fend off every day? I'm pretty confused on how it spreads.


  • #2
    Re: Conficker C: A Threat?

    Here is a good summary on the worm so far:

    http://en.wikipedia.org/wiki/Conficker

    Comment


    • #3
      Re: Conficker C: A Threat?

      This just posted:

      http://www.downloadsquad.com/2009/03...-to-conficker/





      Stoop and you'll be stepped on; stand tall and you'll be shot at.

      -Carlos A. Urbizo-

      Comment


      • #4
        Re: Conficker C: A Threat?

        If you have a proper antivirus updated regularly as well as an up-to-date Windows installation, there's nothing to fear... and if your PC is way slower than usual, pull the internet plug.

        lol, I read somewhere that Conficker got on board a French aircraft carrier...

        Life's too short to live it fast.




        Comment


        • #5
          Re: Conficker C: A Threat?

          The worm exploits a known vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 7 Beta.[2][3][4]
          Wait.. a known, serious, vulnerability that has been around since 2000? Sigh. Somewhat comical, that they spend their time and money rebranding Vista, and paying for large advertising campaigns.

          Hopefully we don't have any TG computer casualties.

          Comment


          • #6
            Re: Conficker C: A Threat?

            Not necessarily known since 2000 (unless I missed that somewhere); it just happens to be the same vulnerability in all the versions of Windows going back to 2000.
            Reapator, overlord of ponies

            Comment


            • #7
              Re: Conficker C: A Threat?

              Install the AutoRun blocker recommended by CERT:

              http://www.us-cert.gov/cas/techalerts/TA09-020A.html

              It's real simple to do and stops autorun trojans dead.
              Dude, seriously, WHAT handkerchief?

              snooggums' density principal: "The more dense a population, the more dense a population."

              Iliana: "You're a great friend but if we're ever chased by zombies I'm tripping you."

              Comment


              • #8
                Re: Conficker C: A Threat?

                Originally posted by ScratchMonkey:
                Install the AutoRun blocker recommended by CERT:

                http://www.us-cert.gov/cas/techalerts/TA09-020A.html

                It's real simple to do and stops autorun trojans dead.
                I'm having issues following the instructions in Vista though.

                Comment


                • #9
                  Re: Conficker C: A Threat?

                  Code:
                  III. Solution
                  
                  Disable AutoRun in Microsoft Windows
                  
                  To effectively disable AutoRun in Microsoft Windows, import the following registry value:
                  
                  REGEDIT4
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
                  @="@SYS:DoesNotExist"

                  To import this value, perform the following steps:

                  1. Copy the text
                  2. Paste the text into Windows Notepad
                  3. Save the file as "autorun.reg"
                     Note: In certain circumstances, Notepad may automatically add a .txt extension to saved files. To ensure that the file is saved with the proper extension, select All Files in the "Save as type:" section of the "Save As" dialog.
                  4. Navigate to the file location
                  5. Double-click the file to import it into the Windows registry

                  Works just the same, at least for me. What's giving you the holdup?
                  Reapator, overlord of ponies

                  Comment


                  • #10
                    Re: Conficker C: A Threat?

                    Just posted:
                    What You Need to Know About Conficker and How to Avoid Being a Victim




                    Stoop and you'll be stepped on; stand tall and you'll be shot at.

                    -Carlos A. Urbizo-

                    Comment


                    • #11
                      Re: Conficker C: A Threat?

                      For those of you with big networks to test (where big could mean a dozen, still a PITA to go around and check each one), here's a nice writeup on how to remotely scan for the vulnerability:

                      http://seclists.org/nmap-dev/2009/q1/0869.html

                      Download the beta nmap for Windows here:

                      http://nmap.org/download.html

                      Currently this is the direct link to the latest beta, but check the download page for a newer one:

                      http://nmap.org/dist/nmap-4.85BETA6-win32.zip

                      Then CD to "\Program Files\Nmap" and run this command (all one line):

                      Code:
                      nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445  -d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64  -oA conficker_scan 192.168.0.0/16
                      Replace the "192.168.0.0/16" with your network address setup.

                      This is gonna spew a lot of text so pipe it to a file or run it inside a command window set to keep a lot of scrollback history. Or use the XML option suggested by the author of my first link.

                      I have about a dozen hosts and told it to scan a block of 64k addresses and got about 500 lines of output.

                      Here's a typical output for one host:

                      Code:
                      Host 10.169.6.244 is up, received arp-response (0.091s latency).
                      Scanned at 2009-03-31 16:51:49 Pacific Daylight Time for 246s
                      Interesting ports on 10.169.6.244:
                      PORT    STATE SERVICE      REASON
                      445/tcp open  microsoft-ds syn-ack
                      MAC Address: 00:12:17:92:39:E0 (Cisco-Linksys)
                      
                      Host script results:
                      |  smb-check-vulns:  
                      |  MS08-067: NOT RUN
                      |  Conficker: Likely CLEAN
                      |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
                      Final times for host: srtt: 90805 rttvar: 44374  to: 268301
                      The Conficker line is the important one. The MS08-067 line says "NOT RUN" because I'm running with the "safe" option to keep it from crashing vulnerable systems. I'm digging up how to enable "unsafe" mode so I can test for the missing MS patch. (Better I crash the system than a virus does!)
                      Dude, seriously, WHAT handkerchief?

                      snooggums' density principal: "The more dense a population, the more dense a population."

                      Iliana: "You're a great friend but if we're ever chased by zombies I'm tripping you."

                      Comment
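A triage helper for the scan output described in post #11, added here as an example and not part of the original thread: it reads nmap normal output (the `.nmap` file that `-oA conficker_scan` writes) in the line format shown in that post and sorts hosts into buckets, so the few hundred lines of output reduce to a short list. The function names `parse_scan` and `triage` are made up for this example, as are the hosts 192.0.2.10 and 192.0.2.11 and the "Likely INFECTED" status string in the sample; any status other than the ones shown in the post is passed through verbatim for a human to read rather than interpreted.

```python
import re

# Constructed sample in the normal-output format shown in post #11. The first
# host block is taken from the post (trimmed); 192.0.2.10, 192.0.2.11 and the
# "Likely INFECTED" status string are made up for this example.
SAMPLE = """\
Host 10.169.6.244 is up, received arp-response (0.091s latency).
445/tcp open  microsoft-ds syn-ack
Host script results:
|  smb-check-vulns:
|  MS08-067: NOT RUN
|  Conficker: Likely CLEAN
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Host 192.0.2.10 is up, received user-set (0.004s latency).
445/tcp open  microsoft-ds syn-ack
Host script results:
|  MS08-067: NOT RUN
|  Conficker: Likely INFECTED
Host 192.0.2.11 is up, received user-set.
445/tcp filtered microsoft-ds no-response
"""

HOST_RE = re.compile(r"^Host (\S+) is up")
CHECK_RE = re.compile(r"^\|[_ ]\s*(MS08-067|Conficker|regsvc DoS):\s*(.*\S)")

def parse_scan(text):
    """Return {host: {check_name: status}} for every 'Host ... is up' header."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HOST_RE.match(line):
            current = hosts.setdefault(m.group(1), {})
        elif current is not None and (m := CHECK_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return hosts

def triage(hosts):
    """Bucket hosts; a status string this script does not know is never 'clean'."""
    buckets = {"review": [], "clean_patch_untested": [], "no_result": []}
    for host, res in sorted(hosts.items()):
        if "Conficker" not in res:      # 445 closed or filtered: script did not run
            buckets["no_result"].append(host)
        elif res["Conficker"] == "Likely CLEAN" and res.get("MS08-067", "").startswith("NOT RUN"):
            buckets["clean_patch_untested"].append(host)
        else:                           # keep the raw status lines for a human
            buckets["review"].append((host, res))
    return buckets

if __name__ == "__main__":
    print(triage(parse_scan(SAMPLE)))
```

To run it on a real scan, pass the contents of `conficker_scan.nmap` to `parse_scan()` instead of `SAMPLE`.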


                      • #12
                        Re: Conficker C: A Threat?

                        Ok, if you're willing to crash an unpatched machine (and I am), change the "safe=1" to "unsafe=1" in the above command.

                        Conficker will probably crash a vulnerable machine anyway, so better you crash it with a scanner (and hence discover the need to patch that machine) than let Conficker find it for you.

                        Just don't do it while someone's doing critical work. If you're scanning the office network, wait until after hours, and have someone around who can restart any crashed boxes. And fire the guy who didn't apply the patch!
                        Dude, seriously, WHAT handkerchief?

                        snooggums' density principal: "The more dense a population, the more dense a population."

                        Iliana: "You're a great friend but if we're ever chased by zombies I'm tripping you."

                        Comment


                        • #13
                          Re: Conficker C: A Threat?

                          Update: http://www.cnn.com/2009/TECH/04/01/t...ses/index.html


                          Comment
