Security Researchers warn of potential flaws in Windows

I read an article today from Techworld and wanted to discuss it in detail. I also found some links that suggest Techworld is right.


Andrew Storms, director of security operations at nCircle Network Security, speculated that the latest bugs were found by researchers using information disclosed in SMB fixes Microsoft released in October and November. [via Techworld]

According to my own investigation, and I have been looking, there are a few SMB vulnerabilities out there. Two of them are CVE-2008-4835 and CVE-2008-4834. Both allow remote code execution and are rated very high on the impact scale.

So did people find these vulnerabilities by working backwards from the last patch, MS08-067? I would have to conclude it is a real possibility.

Although Microsoft did patch those holes this month, I keep wondering just how much these hackers are keeping IT professionals on their toes. I hope people have updated their systems to prevent another worm, because you don't want another worm like Downadup, do you? I am sure a worm or virus will exploit these in time, and sooner or later someone will use them just like the last one.

More Information on the downadup Worm

If you're working to get rid of the Downadup worm, F-Secure is giving out a free removal tool to help with that task. F-Secure's Worm:W32/Downadup.gen description talks about just how bad this worm is.

Because many companies have not applied the MS08-067 patch, that vulnerability is the primary way this worm gets onto a system.

Graham Cluley's blog asked a question and got quite a few answers from users. The results of the poll: 53% believe the hackers are to blame, 30% think the system administrators are to blame, and 17% think Microsoft is to blame for this worm.

I have mixed feelings over who is to blame for this worm. I think the person who wrote it did it for a specific reason. We can't expect any software we use to be 100% safe; even Macintosh is not 100% safe. Microsoft isn't to blame because they tried to patch this as quickly as they could. I know that companies have a hard time keeping up with Microsoft updates, and they really can't be blamed either. I think hackers are always going to write a virus just because they can. That's in their nature, and we will never really be rid of the virus and worm writers. They are in it for the money, to boast, to take control of systems, or to steal sensitive information. With Windows being the alpha dog, people are always going to test the waters because of that.

So who do you think is to blame? I'd like to hear your thoughts on this.

Who do you think is to blame for the Downadup Worm?

1) End users
2) Microsoft, who did patch it
3) The person who wrote this worm
4) Companies who didn't implement updates
5) No one; it was going to happen
6) People who pay the writers of viruses and worms


If you think someone else is to blame, just leave a comment.


How Serious is the Downadup.b/Conficker Worm?

In their latest post, F-Secure has updated how many systems are infected, and I'll quote:

Today’s calculation is a total of 8,976,038 infections worldwide and 353,495 unique IP addresses.

That’s quite a big difference compared to our last number — there will be a follow up post coming soon to explain the methodology.

[Via F-secure]

F-Secure had previously counted 3,521,230 infections worldwide, so this worm has doubled in little more than a day. I did some Twitter searching to see if anyone had recently tweeted about it, and I found this comment:

WTF? suddenly my antivirus is popping with warnings about a W32.Downadup.B … but I haven't received any attachs or installed anything!

[Via Twitter Mklopez]

I thought I'd show you how important it is to get ready for the very hard fight ahead of you. You see, this worm hasn't even gotten started yet.

Here are some of the tweets:

2 customers, have this conflicker.worm problem and we are trying every possible solution but nothing turned out to be solved

[Via Twitter Candegger]

@carnal0wnage Hey happy new year, what malware one of my clients just had a large outbreak of the conflicker virus, pretty good virus

[Via twitter MarcoFigueroa]

This worm doesn't need to be downloaded by the user, because it exploits a vulnerability that is still unpatched on many systems. It also seems to be spreading by USB sticks, so you should really turn Autorun off. If you think you've gotten this worm, please check out my Malware Resources and also some of my other posts about it:

I hope these resources help you fight that worm and get your systems back to normal.

Check out my other posts about the Conficker/Downadup worm.

Blasting the Downadup.b/Conficker Worm Back to the Stone Age!

It has been talked about over the last few days that a worm is hitting computers that haven't applied Microsoft update MS08-067, which was released out of cycle, and some systems still have not been patched. It has also been reported that it is spreading around the internet really quickly. According to Computer World:

The worm, which was first reported by Panda and other security companies on Dec. 31, 2008, exploits a vulnerability in the Windows Server service that’s part of all currently supported versions of Microsoft’s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.

[via Computer World]

It seems Microsoft has scolded people who haven't applied the October emergency update, accusing them of playing "Russian Roulette" for not promptly updating their systems to remove the vulnerability.

Symantec blogged about this program's behaviour and how it is a variant of Downadup.b. They also report seeing an even bigger increase of this worm on Windows 2000 Server systems, which were supposed to have been patched by now.

F-Secure did a post about Downadup/Conficker and the preemptive domain block list they put together for this worm. They have also seen an increase in infections and are trying to keep the worm from gaining ground. It is a network worm in more ways than one: some have even seen it spread through USB drives. If you have a system you want to protect, you should stop Autorun.

Here are some links to help you get this worm off your system:

In order to remove this worm, you must do a complete system scan with one of the free virus scanning programs. You'll need to update the virus database before you run the scan. You may also want to try the free online virus scanners to get rid of this worm. These should help you remove it, but you must remember to install the update or you will get the worm again. The MS08-067 patch should be installed as soon as possible; you can find the patch here.
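The two checks this post and the one above keep coming back to (is MS08-067 installed, is Autorun turned off), as an added PowerShell example that is not from the original post or from any of the tools mentioned; it assumes MS08-067 is delivered as hotfix KB958644 and that it runs from an elevated prompt.

```powershell
# Added example (not from the original post): audit one Windows host for the
# two conditions discussed above, the MS08-067 patch and Autorun.
# Assumption: MS08-067 ships as hotfix KB958644; run from an elevated prompt.

$ms08067Kb = 'KB958644'   # hotfix ID assumed for the MS08-067 Server service fix

# 1. Is the Server service (SMB) hole that the worm uses already patched?
$hotfix = Get-HotFix -ErrorAction SilentlyContinue |
          Where-Object { $_.HotFixID -eq $ms08067Kb }
if ($hotfix) {
    Write-Host "OK: $ms08067Kb is installed (installed on $($hotfix.InstalledOn))"
} else {
    Write-Warning "$ms08067Kb NOT found: install MS08-067 before doing anything else"
}

# 2. Is Autorun disabled for every drive type? 0xFF covers removable (USB),
#    fixed, network, CD-ROM and RAM drives, so an autorun.inf on a USB stick
#    is ignored.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$current = (Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun `
                -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($current -eq 0xFF) {
    Write-Host "OK: Autorun is disabled for all drive types (NoDriveTypeAutoRun=0xFF)"
} else {
    Write-Warning "Autorun still enabled (NoDriveTypeAutoRun=$current); setting it to 0xFF"
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}
```

The registry change takes effect for new logons; on older XP and Server 2003 builds Microsoft later issued a separate update so that this value is honoured consistently, so keep Windows Update current as well.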

Tools for Virus Removal: The Ones I Like to Use!

In this post I want to talk about the virus removal tools I like to use when I need to clean up a machine. Some things to consider when using these tools are:

Each type of infection has to be dealt with differently because each requires something different. Take rootkits: if one is installed and you know it is a rootkit, your only option is to download rootkit removers like:

  • Sophos Anti-Rootkit — This is good for the better-known ones and can remove several types of rootkits. It isn't the only one I use, but it is part of the group that does the rootkit removal for me.
  • Microsoft Rootkit Revealer — This is good for proving there is a rootkit. I've not seen it miss one. Most of the time, when I find a rootkit with the other rootkit revealers, this one actually does better with the information it gives.
  • Panda Anti-Rootkit — This is another one I use when the others can't remove it. Each one removes certain rootkits differently and works better than the others on some of them.
  • Aries Rootkit Remover from Lavasoft — This one is for the really tough rootkits and has some great benefits for removing them.

These are the ones that work well for me when it comes to removing rootkits. I've not had one of these fail to remove a rootkit, but that depends on how you deal with the virus in the first place. Now for anti-spyware and anti-virus software, here are some of the tools that I suggest:

  • HijackThis — Run it, and when you get the log file, go to HijackThis Log Analysis Site 1 and HijackThis Log Analysis Site 2 and see what they say. This is the best software because it scans the relevant registry locations and tells you, like a wiki, what each entry might be.
  • MSCONFIG — Sometimes the infection is hidden, but check through MSCONFIG for any files that might not need to load. Also check the Services tab and see if there are any services that may not be needed.
  • PC Tools AntiVirus Free — This is free software, so what can I say.
  • AVG Anti-Virus Free Edition 7.5.503 — This is another free one that can remove viruses really easily. Download this and you don't have to worry too much.
  • Avast Home Edition — AVG does better than this one, but people seem to like it, so I have to add it for those who prefer it to the others.
  • ClamWin Free Antivirus — This is a good one because it is open source and can easily detect so many viruses. This is good for people who like open source.

These are just the ones I like to recommend that do pretty well at removing viruses; there are others on my Malware Resources page that people have recommended to me but that I haven't tried yet. Now for spyware and adware removal, here are some of my favorites:

  • SUPERAntiSpyware — Easily removes pests such as WinFixer, SpyAxe, SpyFalcon, and thousands more, and repairs broken internet connections, desktops, registry editing and more with its repair system.
  • Malwarebytes — Provides the needed assistance to remove the infection and restore the machine to optimum performance.
  • Ad-Aware — This is a very good tool for getting rid of some of the most annoying little programs that try to fool you into thinking you have a virus.
  • Windows Security Trojan Scanner — A free online scanner to let you see if you might have a Trojan.
  • SmitFraudFix — A great little program for getting rid of those desktop hijacks, the programs that take over your browser or other parts of the file system.

If your current antimalware software let an infection through, you may want to consider purchasing the PRO version of SUPERAntiSpyware or a Malwarebytes license to protect your computer in the future. SUPERAntiSpyware Professional and the licensed Malwarebytes both feature real-time protection to block the installation or re-installation of potential threats as you surf the internet (both are trusted vendors on the CCSS Forums).

These are just a few of the tools I like to use when it comes to fighting virus programs and the people behind them. If you consider how hard it sometimes is to recognize a virus, you can see the problem with some of these programs: they can flag a legitimate file as a virus and delete it, and the next thing you know the machine won't boot into Windows. This is what needs to be considered whenever you see a warning on your system, so you must be careful when you remove files. You should always have backups; that is what I always recommend, because of the likelihood of something terrible happening to your data. Come up with a way to back up your system every week, like a Sunday backup or even a Monday backup while you're at work.