Recently there have been reports regarding the rapid spread of the Win32/Conficker/Downadup worm. The spread of this worm is alarming, and the Communication and Multimedia Commission wishes to remind all computer users, especially those who are networked or connected to the internet, to be aware and take the necessary precautions.
Those who are tech-savvy may find the following information useful. If you want to go straight to remedial action, please scroll down.
Technical Details of the worm
Aliases:
W32/Conficker.worm.gen (Symantec)
Worm:Win32/Conficker (Microsoft)
Mal/Conficker (Sophos)
W32/Downadup.AL (F-Secure)
Description:
Win32/Conficker.B is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. The worm may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.
Affected Systems:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Infection / Propagation Method:
- It exploits the MS08-067 vulnerability.
- It attempts to log on to surrounding computers on the local network by brute-forcing the MS Windows Administrator account; when an attempt succeeds, it spreads through ADMIN$ shares.
- It infects other computers through removable devices such as USB flash drives.
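
The second propagation method above leaves a recognisable trail in the Windows Security log: a burst of failed network logons for the Administrator account from one machine, followed by access to the ADMIN$ share. The following detection sketch is an added example, not part of the original advisory. It assumes the event IDs used by Windows Vista and Server 2008 (4625 for a failed logon, 5140 for network share access), a hypothetical tuple layout for already-parsed events, and illustrative thresholds.

```python
from collections import defaultdict, deque

# Windows Security event IDs on Vista / Server 2008 and later (assumption:
# older systems in the affected list log these under different IDs).
FAILED_LOGON, SHARE_ACCESS = 4625, 5140

# Constructed sample events, not taken from a real log.
# Hypothetical layout: (seconds, event_id, source_ip, target_host, account, share)
SAMPLE_EVENTS = (
    # Burst of failures against PC-01, then ADMIN$ is reached: likely spread.
    [(t, 4625, "10.0.0.23", "PC-01", "Administrator", "") for t in range(6)]
    + [(8, 5140, "10.0.0.23", "PC-01", "Administrator", r"\\*\ADMIN$")]
    # Burst against PC-02 with no share access: guessing in progress or failed.
    + [(t, 4625, "10.0.0.23", "PC-02", "administrator", "") for t in range(10, 15)]
    # Two isolated failures, then legitimate admin access: must not be flagged.
    + [(0, 4625, "10.0.0.50", "PC-01", "Administrator", ""),
       (400, 4625, "10.0.0.50", "PC-01", "Administrator", ""),
       (420, 5140, "10.0.0.50", "PC-01", "Administrator", r"\\*\ADMIN$")]
)

def find_admin_share_spread(events, min_failures=5, window=60):
    """Return {(source, host): admin_share_reached} for every source that
    produced min_failures failed Administrator logons on one host within
    `window` seconds. The value is True if ADMIN$ was accessed afterwards."""
    recent = defaultdict(deque)  # (source, host) -> timestamps of recent failures
    flagged = {}                 # (source, host) -> ADMIN$ reached after the burst?
    for ts, event_id, source, host, account, share in sorted(events):
        key = (source, host)
        if event_id == FAILED_LOGON and account.lower() == "administrator":
            failures = recent[key]
            failures.append(ts)
            # Drop failures that fell out of the sliding window.
            while ts - failures[0] > window:
                failures.popleft()
            if len(failures) >= min_failures:
                flagged.setdefault(key, False)
        elif event_id == SHARE_ACCESS and key in flagged:
            if share.upper().endswith("ADMIN$"):
                flagged[key] = True
    return flagged

if __name__ == "__main__":
    for (source, host), reached in find_admin_share_spread(SAMPLE_EVENTS).items():
        status = "ADMIN$ accessed" if reached else "brute force only"
        print(f"{source} -> {host}: {status}")
```

A source flagged with ADMIN$ access is a candidate infected machine to isolate first; the target host should then be checked as well.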