Interesting People mailing list archives
Re: US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems
From: David Farber <dave () farber net>
Date: Mon, 30 Mar 2009 16:50:59 -0400
Begin forwarded message:

From: Justin D <justin () freeverse com>
Date: March 30, 2009 3:08:04 PM EDT
To: David Farber <dave () farber net>
Subject: Re: [IP] US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems

Hi David,

For IP, if you will…

With April 1st coming up fast, the NYTimes had an interesting piece by John Markoff a few days back, with background on the worm as well as potential uses for the resulting botnet, written with the layman in mind:

http://bits.blogs.nytimes.com/2009/03/19/the-conficker-worm-april-fools-joke-or-unthinkable-disaster/

One of those "could be nothing, could be everything" situations. I'll be at the office late tomorrow making sure to check all our Windows installs, that's for sure!

~ Justin D'Onofrio | Freeverse

On Mar 30, 2009, at 2:38 PM, David Farber wrote:
Begin forwarded message:

From:
Date: March 30, 2009 11:29:17 AM EDT
To: dave () farber net
Subject: Fwd: US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems

not for attribution

interesting subtext?

Mar 30, 2009 12:16:50 AM, cert-advisory () cert org wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA09-088A

Conficker Worm Targets Microsoft Windows Systems

Original release date: March 29, 2009
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows

Overview

US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.

I. Description

The presence of a Conficker infection may be detected if a user is unable to surf to the following websites:

* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com

If a user is unable to reach either of these websites, a Conficker infection may be indicated (the most current variant of Conficker interferes with queries for these sites, preventing a user from visiting them). If a Conficker infection is suspected, the infected system should be removed from the network. Major anti-virus vendors and Microsoft have released several free tools that can verify the presence of a Conficker infection and remove the worm. Instructions for manually removing a Conficker infection from a system have been published by Microsoft in http://support.microsoft.com/kb/962007.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system.

III. Solution

US-CERT encourages users to prevent a Conficker infection by ensuring all systems have the MS08-067 patch (part of Security Update KB958644, which was published by Microsoft in October 2008), disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining up-to-date anti-virus software.

IV. References

* Virus alert about the Win32/Conficker.B worm - <http://support.microsoft.com/kb/962007>
* Microsoft Security Bulletin MS08-067 - Critical - <http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>
* Microsoft Windows Does Not Disable AutoRun Properly - <http://www.us-cert.gov/cas/techalerts/TA09-020A.html>
* MS08-067: Vulnerability in Server service could allow remote code execution - <http://support.microsoft.com/kb/958644>
* The Conficker Worm - <http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>
* W32/Conficker.worm - <http://us.mcafee.com/root/campaign.asp?cid=54857>

____________________________________________________________________

The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-088A.html>

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send email to <cert () cert org> with "TA09-088A Feedback VU#827267" in the subject.

____________________________________________________________________

For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use: <http://www.us-cert.gov/legal.html>

____________________________________________________________________
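
The two host checks the advisory describes (whether the named vendor sites can be looked up, and whether the MS08-067 update KB958644 is installed), as an added PowerShell example that is not part of the advisory or of either message. The control hostname and the function names are assumptions made for this example.

```powershell
# Added example: local triage for the two signals named in TA09-088A.
# Assumptions (not from the advisory): $ControlHost and both function names.

$VendorHosts = @('www.symantec.com', 'www.mcafee.com')  # sites named in the advisory
$ControlHost = 'www.example.com'                        # assumed unrelated control name

function Test-NameResolves {
    param([Parameter(Mandatory)][string]$HostName)
    try {
        # GetHostAddresses throws a SocketException when the lookup fails
        return [bool]([System.Net.Dns]::GetHostAddresses($HostName).Count)
    } catch {
        return $false
    }
}

function Get-ConfickerTriage {
    $controlOk = Test-NameResolves -HostName $ControlHost
    $failed    = @($VendorHosts | Where-Object { -not (Test-NameResolves -HostName $_) })

    # Only meaningful when the control name resolves; otherwise the failure
    # is general (no network, DNS outage) and says nothing about the worm.
    $dnsVerdict = if (-not $controlOk) {
        'inconclusive: control name does not resolve'
    } elseif ($failed.Count -gt 0) {
        'possible Conficker interference: vendor lookups fail, control succeeds'
    } else {
        'no DNS symptom'
    }

    # Get-HotFix lists installed updates by KB id. A missing entry is a prompt
    # to verify patch state, not proof: a later update that supersedes
    # KB958644 will not appear under this id.
    $hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        DnsVerdict      = $dnsVerdict
        FailedLookups   = $failed -join ', '
        KB958644Listed  = [bool]$hotfix
    }
}

Get-ConfickerTriage | Format-List
```

A failed vendor lookup can also come from a filtering proxy or DNS policy, so a host flagged here should be confirmed with one of the vendor or Microsoft removal tools the advisory mentions.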