Windows worm hits 8.9 million PCs in past week

Windows worm hits 8.9 million PCs in past week

www.vnunet.com

The worm, dubbed Conficker, Downadup, or Kido, spreads via a vulnerability that Microsoft patched in October 2008. Once on a machine it sets up an HTTP server and resets a machine's System Restore point to stop administrators deleting it.

(visit the link for the full news article)


Related News Links:
www.symantec.com
www.precisesecurity.com

Hi everyone. Just a quick heads up, not sure if this has been posted before but looks like another Trojan is on the go and is exploiting a microsoft vulnrability that was supposed to have been patched back in October.

From what I can see it looks like it affects the RPC service similar to the Blaster/Sasser worms a few years back.

Ive checked on the Symantec website which reports it as being low risk or little more than an annoyance (lol unless your the one infected by it) also has removal instructions.

Seems of late the Microsoft operating systems have more holes than my jumper.

good luck
Morgs


www.vnunet.com
(visit the link for the full news article)

The article recommends blocking port 445 incoming and outgoing. For those who don't know how to do that, feel free to send me a message and I'll try to help

Originally posted by morg9000
Seems of late the Microsoft operating systems have more holes than my jumper.

Not really it just seems that this diverse OS is under attack as it is every day of every year as will continue to be until it's market share as the dominate OS is overtaken. At that point holes in the other OS's will become apparent.

Here's a joke for you

What's the different between a linux and windows OS user???

Answer: A linux user installs their own OS.

And their is where the problem lies, although (in my opinion) windows is a great OS it's prodomoantly used by a bunch of morons who seem to believe that African kings want to give them $30 million or that some doctor to make their penis bigger, or maybe you need the latest smillies??

17 years on a mac.
never once a malicious piece of software effecting my day to day living.
no viruses, no melted HD.

gotta love being the small guy.

To block port 445, either get your own firewall or turn on Windows Firewall via

Control Panel

(switch to classic view much easier)

Windows Firewall

Turn it on

Go to exceptions and make sure File and Printer sharing is NOT checked.


alas you have turned of Remote Procedure Call function.

Originally posted by spitefulgod

or that some doctor to make their penis bigger,

Wait a minute, you mean that doesn't work??

I just checked and my system restore is still working fine so I guess I don't have it....yet....

Still, everytime I hear, "Once you try Mac, you'll never go back" I seriously think about switching brands.

Originally posted by mrwupy

Originally posted by spitefulgod

or that some doctor to make their penis bigger,

Wait a minute, you mean that doesn't work??

I just checked and my system restore is still working fine so I guess I don't have it....yet....

Still, everytime I hear, "Once you try Mac, you'll never go back" I seriously think about switching brands.

Then switch it's an open market, think of Windows as the a normal brand, mac as a organic brand (not in the fact that it more ethical as it's more closed than microsoft, but in that it's more expensive) and then linux is a value brand...

Linux = pwnx

Good for hacking, and security... =D

Originally posted by Revolution-2012

Go to exceptions and make sure File and Printer sharing is NOT checked.

A lot of people use that service though. If this doesn't make people realize they need a firewall besides the built in Windows "firewall", it should! There are plenty of free ones out there, and only takes a few clicks to block port 445 instead of turning off file sharing.

Originally posted by Revolution-2012
Linux = pwnx

Yes indeed! I have Windows on my gaming computer and gOS (Ubuntu mod) on my laptop. Linux is amazing! It's also getting very user-friendly these days.

Originally posted by spitefulgod

And their is where the problem lies, although (in my opinion) windows is a great OS it's prodomoantly used by a bunch of morons who seem to believe that African kings want to give them $30 million or that some doctor to make their penis bigger, or maybe you need the latest smillies??

You're so right. I use to be a self-hating Windows user for a while too, until I realized that for the most part, Windows is not the problem; it's the people who use their computers without having a clue what they're doing that gives Windows a bad rap. People forget that computers are still just machines!

[edit on 1/17/2009 by iceofspades]

Hey there morg9000,

We doubled up on this one..ooops...sorry.

Here's my link..www.abovetopsecret.com...

I also put it on BTS

From the time stamp it look like we were both posting within minutes of each other with you posting first.

Apologies for the double post but at least we got the word out around here.

SeeYa!

[edit on 17-1-2009 by wolf241e]

reply to post by iceofspades


What a load of bull, most people have modern adsl routers that block all your internal network anyway... don't bother about this KILLER virus.. it's not going to effect you.. well unless you use a modem rather than a router.... Mobile users maybe? home users... probably not!


[edit]
Not a personal attack iceofspades, just meant the story as a whole

[edit on 17/1/2009 by spitefulgod]

No worms here on Fedora 10. No virus scans needed so far. There is no virus software installed. Fedora is my internet surfing OS, and the OS I use for most things. I guess there is no profit in making viruses for a free OS.

If Linux could do everything I needed, I would fully switch, instead of dual booting. Linux is close though. It can run a lot of Windows software with WINE. And there are Linux alternatives for many Windows programs.

Troy

I was just reading about this worm this morning and started busting up laughing... I just decided to try out Ubuntu. As a matter of fact, I got the download on tuesday, had it up and running by the next night, and spent the next couple nights (til 4AM this morning) trying to figure out how the hell to get Ubuntu Studio to a second partition without a DVD, then getting it to boot (just had to swap my GRUB menu files between the 2 OS's).

I've been trying for years to get away from Windows... tried a couple shell replacements (unfortunately doesn't replace the kernel, lol), SUSE, Fedora Core... I'm stoked on Linux now... reminds me of the old days of IRC warscripts and security scripts.

BTW, Ubuntu Studio I can get down to 2ms latency with my DSP24! It runs fast, and supports 64bit architechture... just wish I could get Everquest up and running... I can't replace that, lol. For recording and music I've been using Acid Pro 6, Reason 2.5, T-Racks, plus a bunch of VST plugins (of which I will miss one... Amplitube... not sure if there's an emulator to run VST with Audacity... haven't got that far yet).

Sum up my post... #$%@ MICROSOFT! I'M A FREE MAN! No, really... Ubuntu was FREE!! HAHAHA!!! (not that I ever payed money for a MS OS thanks to preinstalled OEM software... although considering the problems I've had over the years, I HAVE payed for it).

BTW, no firewalls or antivirus ever installed on my Windows OS's, and I only averaged about 1 virus a year, and 1 worm every 5 or so... and I cruise extensively through porn and other questionable sites, as well as I used to do alot of P2P (I collect music videos... way kewler than mp3's!).

The one time I decided to use the 3-month Norton (which I could reactivate by re-installing my OS, lmao!) I got 7 viruses. WTF?!? I have MANY guru friends that have confirmed the same thing on their own systems. It doesn't take a genius to tell something isn't running right after an internet session, kinda like noticing a small ticking sound when you drive your car. I'm really hands on with my equipment and software, though.

About this worm... I didn't read anything that said what it did besides using resources to reproduce itself. Is it an attack worm? Nuke, data hack? Is it anything like (or is it THE) virus that hijacks your screen saver and throws up a BSOD? (I got that one about 2 weeks ago... something in the way I set up my systems always fooks with viruses and limits their capabilities... been doing that since WIN95. It threw the screen up, I rebooted to see if it was real BSOD, and got it again. Went in and simply removed any files that had been created since the day before, did backup and was good to go. Everyone else I know couldn't make it 10 seconds without that stupid screen saver taking over.)

So, Yes... I have been laughing all day long, every time I come across the article.

BTW, MAC users who may be interested in a computer that doesn't have to use branded hardware, you know... like a PC... give Linux a try. My experiencce is that SUSE is a hog. Fedora just didn't feel right, but Ubuntu is just right. It kinda reminds me of OSX. Should give it a try. Heck, the OS is free, AMD64 X2 motherboard combo is about $150, vid card $150, HDD $100, RAM $100 and a case/PSU for $50. Cheaper than a MAC, runs just as good.

reply to post by cybertroy


I believe in the future that microsoft are going to go to the point that they have in China, OS + Office of for virtually nothing to sustain market dominance over piracy and Open source.... It's not open source but it's profitable and almost free.

sounds more like a trojan then a virus, and I don't buy this at all.

It doesn't have AI, someone has to send commands to it....and this story doesn't add up.

The quote:
"The gang behind this worm haven't used it yet,"

OK, so they say its a worm, but If they haven't used it yet that would confirm its a worm/trojan. And how would someone send commands to 5 million of them?

I think all of them would have to coordinate through a central server or IP address. Because it would be impossible to issue commands to 5 million. Unless the trojan/worm sends IP data back to a central server/ip. And if that happened it would increase the chances of catching the creator.


This is a promotional stunt of some sort. Someone might have created it and will not harm any PC's confess to it and try to get a security job somewhere. Especially with the job market weak right now. That theory adds up.

Or it could have been released by an AV company.

reply to post by Earthscum


You can run Mac OSX on non Apple hardware, just search on google will cost you about £400 though, as for the other OS's I've always found ubuntu UI a little too unfinished for my liking, plus for the computer novice it's no use when something goes wrong.

reply to post by spitefulgod


Id already blocked port 445 previously on my router. There being a list of suspicous ports that I've already blocked previously including messenger service port 35 or 135, cant remember which.

Trouble with disabling the RPC service that was mentioned previously is there are a list of various services that operate in the background that actually require it to be enabled. Though I remember before there was a fix released for the Sasser variants we were advising people to temporarily stop both RPC services.

The main problem that I see really is people file sharing and downloading without decent security software installed. Or the gullable clicking on ads promising to remove certain threats from their systems. Or even reading spam emails promising to extend a certain part of their anaotomy.

Yknow something Ive just learned?? Never give your dog a bone when you settle down to watch a film..

Morgs

"Microsoft Works" now thats a bold statement!

reply to post by xstealth


From when I used to write HDD blasting software for OEMs I would think a virus writer would use multicasting on the same subnet or two.

When I got on last night, my computer was crap. It just wouldn't do hardly anything. I had to leave for about half an hour and when I came back there was a message on my screen that my AVG software had detected a trojan. It quarantined it and things were fine after that.