'Huge increase' in worm attacks plague unpatched Windows PCs


13 replies to this topic

#1 OFFLINE   YoKenny

    Super Power User

  • Members
  • 2,874 posts
  • Gender:Male
  • Location:Oshawa, Ont. Canada
  • Interests:Helping people get rid of malware on their systems then showing them how not to get re-infected again

Posted 13 January 2009 - 10:18 AM

Quote

'Huge increase' in worm attacks plague unpatched Windows PCs
Microsoft scolds users who never applied October's emergency update
By Gregg Keizer


January 12, 2009 (Computerworld) A computer worm that exploits a Windows bug Microsoft Corp. patched more than two months ago continues to wreak havoc, a security company said today, as it boosted its overall threat ranking and warned users to patch their PCs.

"We've seen a huge increase in the number of [malware] samples, as well as infections," said Ryan Sherstobitoff, chief corporate evangelist at Panda Security, referring to the "Conficker.c" worm.
http://www.computerworld.com/action/articl...p;source=NLT_PM

Today is Patch Tuesday so patches should be available by 3:00pm EST
"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein
IE7Pro user

#2 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,330 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 13 January 2009 - 11:20 AM

Hence the reason not to turn off Automatic Updates. ;)
Complexity of incoherent design.

#3 OFFLINE   YoKenny

Posted 13 January 2009 - 11:46 AM

Andavari, on Jan 13 2009, 06:20 AM, said:

Hence the reason not to turn off Automatic Updates. ;)

Don't you want to reach out and touch one of the Security Experts that often recommend turning it off because they are paranoid that Microsoft may be spying on them? :P

#4 OFFLINE   CeeCee

    Wait a minute, who am I here?

  • Members
  • 1,210 posts
  • Gender:Male
  • Location:Finland
  • Interests:Movies, my computer

Posted 13 January 2009 - 02:52 PM

One good thing to do is to close some of Windows' pesky ports that you don't need anyway. Like these ports: DCOM, RPC, Universal Plug N Play and Messenger (has nothing to do with MSN Messenger). You can close all those ports with this utility: http://www.firewalll...er.com/wwdc.htm (Compatible: Windows 2000 / XP / 2003 server)

But NOTE: Do not close NetBIOS, because you can lose your internet connection. Use this method instead: http://irt.stanford....le-netbios.html

#5 OFFLINE   YoKenny

Posted 13 January 2009 - 04:42 PM

CeeCee, on Jan 13 2009, 09:52 AM, said:

One good thing to do is to close some of Windows' pesky ports that you don't need anyway. Like these ports: DCOM, RPC, Universal Plug N Play and Messenger (has nothing to do with MSN Messenger). You can close all those ports with this utility: http://www.firewalll...er.com/wwdc.htm (Compatible: Windows 2000 / XP / 2003 server)

But NOTE: Do not close NetBIOS, because you can lose your internet connection. Use this method instead: http://irt.stanford....le-netbios.html

Steven Gibson's tiny utilities help with these:

DCOMbobulator http://www.grc.com/freeware/dcom.htm
Shoot The Messenger http://www.grc.com/s...hemessenger.htm
UnPlug n' Pray http://www.grc.com/unpnp/unpnp.htm

Test your ports https://www.grc.com/x/ne.dll?bh0bkyd2
Note: Your router or hardware firewall will block these probes.

#6 OFFLINE   CeeCee

Posted 13 January 2009 - 05:29 PM

YoKenny, on Jan 13 2009, 04:42 PM, said:

Steven Gibson's tiny utilities help with these:

DCOMbobulator http://www.grc.com/freeware/dcom.htm
Shoot The Messenger http://www.grc.com/s...hemessenger.htm
UnPlug n' Pray http://www.grc.com/unpnp/unpnp.htm

Test your ports https://www.grc.com/x/ne.dll?bh0bkyd2
Note: Your router or hardware firewall will block these probes.

Yeah, but that WWDC is also good, and comes with "all in one". It's also just one single file and 50,0kt.

#7 OFFLINE   Xion44

    Advanced Member

  • Members
  • 144 posts
  • Gender:Male
  • Location:San francisco bay area
  • Interests:Avid fan of xion media play; Avid fan of piriform programs, especially CCleaner; Cat lover; Girl watcher

Posted 15 January 2009 - 07:28 PM

Yesterday downloaded some security stuff with Vista. Scanned with Secunia and looks like everything is fine.

From my perspective, winvista club is a very good forum for all things windows related.
They have helped me and many others in the past. Excellent hints and advice!




#8 OFFLINE   YoKenny

Posted 16 January 2009 - 10:47 AM

Quote

Virus alert about the Win32/Conficker.B worm
Symptoms of infection
If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:
  • Account lockout policies are being tripped.
  • Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
  • Domain controllers respond slowly to client requests.
  • The network is congested.
  • Various security-related Web sites cannot be accessed.
For more information about Win32/Conficker.b, visit the following Microsoft Malware Protection Center Web page:
http://www.microsoft.com/security/portal/E...Win32/Conficker

Propagation methods
Win32/Conficker.B has multiple propagation methods. These include the following:
  • Exploitation of the vulnerability that is patched by security update 958644 (MS08-067)
  • The use of network shares
  • The use of AutoPlay functionality

Recovery
Run the Malicious Software Removal tool
The Microsoft Malware Protection Center has updated the Malicious Software Removal tool (MSRT). This is a stand-alone binary that is useful in the removal of prevalent malicious software, and it can help remove the Win32/Conficker malware family.

You can download the MSRT from either of the following Microsoft Web sites:
http://www.update.microsoft.com
http://support.microsoft.com/kb/890830
http://support.microsoft.com/kb/962007

Quote

Flash Disinfector is a flash malware removal tool created courtesy of sUBs. It's a neat and handy tool to handle all of the messes made by those pesky flash malware. By no means does this tool or this article guarantee that your PC is 100% clean; it just acts as a reference.

Flash Disinfector will target the following flash malware (in general):

W32/Perlovga (copy.exe | host.exe)
VBS_RESULOWS.A (Hacked by Godzilla, Hacked by Moozilla)
Bha.dll.vbs
w32automa worm (Autorun.vbs)
Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe)
W32/RJump.worm (RavMonE)
Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe)
W32.Fujacks.BH (f***er.vbs)
WORM_AGENT.PGV (soundmix.exe)
W32/Hakaglan.worm (RVHost.exe)
Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe)
Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)

What will Flash Disinfector Do
- Clean up junks created by flash malwares
- Deletes autorun.inf from every root folder
- Fix back damages done to your system
- Creates an autorun.inf folder in the root of your system drives

How To Use The Tool

*Please remember to disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

Mirror — http://download.bleepingcomputer.com/sUBs/...Disinfector.exe

Download Flash Disinfector by sUBs and save it to your desktop.

» Double-click Flash_Disinfector.exe to run it. Follow any prompts that may appear.
» Your desktop will vanish for a while, and then reappear. This is normal.
» Wait until the program has finished scanning, then please exit the program.
» Restart your computer and see if problem still persists.

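A read-only triage sketch for the symptoms and propagation methods listed in the KB quoted in post #8, added here as an example; it is not part of the original thread or of Microsoft's guidance. The service short names and the NoDriveTypeAutoRun policy value are standard Windows identifiers that the thread itself does not name, and the output column names are made up for this example.

```powershell
# Added example (not from the thread): read-only triage for the symptoms and
# propagation paths in the quoted KB. Run from an elevated prompt (PowerShell 3+).

# Services the KB lists as disabled by the worm, by standard Windows service
# name. ERSvc exists on XP/2003, WerSvc on Vista and later.
$services = [ordered]@{
    wuauserv  = 'Automatic Updates'
    BITS      = 'Background Intelligent Transfer Service'
    WinDefend = 'Windows Defender'
    ERSvc     = 'Error Reporting Service (XP/2003)'
    WerSvc    = 'Windows Error Reporting (Vista+)'
}
$findings = @(foreach ($name in $services.Keys) {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if (-not $svc) { continue }          # service not present on this Windows version
    [pscustomobject]@{
        Check  = $services[$name]
        State  = "$($svc.StartMode) / $($svc.State)"
        Review = ($svc.StartMode -eq 'Disabled')
    }
})

# Security update 958644 (MS08-067) closes the network exploitation path.
# Get-HotFix does not list updates superseded by a later rollup or service
# pack, so "not listed" means "verify the patch level", not "vulnerable".
$hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
$findings += [pscustomobject]@{
    Check  = 'Security update KB958644 (MS08-067)'
    State  = if ($hotfix) { "installed $($hotfix.InstalledOn)" } else { 'not listed' }
    Review = -not $hotfix
}

# AutoPlay propagation: NoDriveTypeAutoRun = 0xFF disables AutoRun on all drive types.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
$findings += [pscustomobject]@{
    Check  = 'AutoRun policy (NoDriveTypeAutoRun)'
    State  = if ($null -ne $val) { '0x{0:X2}' -f $val } else { 'not set' }
    Review = ($val -ne 0xFF)
}

$findings | Format-Table -AutoSize
```

A `Review` value of `True` marks a row to look at more closely; a disabled service or an unlisted hotfix can have a benign cause, such as third-party antivirus replacing Windows Defender.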

#9 OFFLINE   Corona

    Power Member

  • Members
  • 1,932 posts
  • Gender:Male
  • Location:US

Posted 16 January 2009 - 03:20 PM

Yo! Kenny! Have you tried that Flash Disinfector thingy yet? :mellow:

#10 OFFLINE   YoKenny

Posted 16 January 2009 - 03:32 PM

Corona, on Jan 16 2009, 10:20 AM, said:

Yo! Kenny! Have you tried that Flash Disinfector thingy yet? :mellow:

Yup.

On all of my Flash cards and even my Sony Walkman NWZ-B103

Close all applications first as it closes down explorer.exe plus browser windows then restarts explorer.exe

#11 OFFLINE   YoKenny

Posted 17 January 2009 - 04:25 AM

Quote

'Amazing' worm attack infects 9 million PCs
Biggest infection in years, says Finnish security firm


January 16, 2009 (Computerworld) Calling the scope of the attack "amazing," security researchers at F-Secure Corp. today said that 6.5 million Windows PCs have been infected by the "Downadup" worm in the last four days, and that nearly 9 million have been compromised in just over two weeks.
http://www.computerworld.com/action/articl...ticleId=9126205

Note: Downadup is the same as Conficker

#12 OFFLINE   Xion44

Posted 17 January 2009 - 08:21 AM

Update included said malicious tool thingy. :)


#13 OFFLINE   YoKenny

Posted 08 February 2009 - 10:22 PM

Quote

OpenDNS rolls out Conficker tracking, blocking
Downadup on notice

By Dan Goodin in San Francisco
Posted in Security, 7th February 2009 21:32 GMT

With an estimated 10 million PCs infected by the stealthy worm known as Conficker, it's a good bet that plenty of administrators are blissfully unaware that their networks are playing host to the pest. Now, a free service called OpenDNS is offering a new feature designed to alert administrators to the damage and help them contain it.
http://www.theregister.co.uk/2009/02/07/op...cker_protection

#14 OFFLINE   YoKenny

Posted 13 February 2009 - 10:48 AM

Quote

Microsoft, Symantec, VeriSign join forces to fight Downadup worm
Microsoft offers $250,000 for info on hackers; ICANN involved in effort, too

By Gregg Keizer


February 12, 2009 (Computerworld) Nearly 20 technology companies and organizations are combining forces to disrupt the command-and-control infrastructure of the rapidly spreading Downadup worm, prompted by infection rates of nearly 2.2 million machines each day.
http://www.computerworld.com/action/articl...tsrc=hm_ts_head