You are currently browsing the Tech Talk with Homerun Networks weblog archives for the day 16. January 2009.
16. January 2009 by Myke.
Strap in folks as this is a nasty little virus.
A new sleeper virus that could allow hackers to steal financial and personal information has now spread to more than eight million computers in what industry analysts say is one of the most serious infections they have ever seen.
The Downadup or Conficker worm exploits a bug in Microsoft Windows to infect mainly corporate networks, where — although it has yet to cause any harm — it potentially exposes infected PCs to hijack.
How serious is it?
It is the most serious large scale worm outbreak we have seen in recent years because of how widespread it is, but it is not very serious in terms of what it does. So far it doesn’t try to steal personal information or credit card details.
Who is affected?
We have large infections in Europe, the United States and in Asia. It is a Windows worm and almost all the cases are corporate networks. There are very few reports of independent home computers affected.
What does it do?
It is a complicated worm most likely engineered by a group of people who have spent time making it very complicated to analyze and remove. The real reason why they have created it is hard to say right now, but we do know how it replicates.
How does it spread?
The worm does not spread over email or the Web. However if an infected laptop is connected to your corporate network, it will immediately scan the network looking for machines to infect. These will be machines that have not installed a patch from Microsoft known as MS08-067. The worm will also scan company networks trying to guess your password, trying hundreds and hundreds of common words. If it gets in, even if you are not at your machine, it will infect and begin spreading to other servers. A third method of spreading is via USB data sticks.
How can I prevent it infecting my machine?
The best way is to get the patch and install it company-wide. The second way is password security. Use long, difficult passwords — particularly for administrators who cannot afford to be locked out of the machines they will have to fix.
What can I do if it has already infected?
Machines can be disinfected. The problem is for companies with thousands of infected machines, which can become re-infected from just one computer even as they are being cleared.
Fear not, it can be fixed very easily with a little patience. First you will need ot make sure you have the trusty old Malwarebytes and a solid (non-McAfee) virus software package. Sorry, those of us at Homerun actually dislike McAfee…too many holes and too slow of an update pattern. Now ensure that your virus software is current and that Malwarebytes is current and ensure that all Windows updates have been run on your PC/laptop/server. Close all programs and start running Malwarebytes and let it finish. Once it is finished, remove all infected areas and reboot if nessecary. Runt he program one last time or until everything is clear. Once Malwarebytes is complete go ahead and run your virus software and let it clear any left-overs if it finds any at all.
Sorry for the delay on getting this posted but we had a case of the flou run through our office…so we were fighting our own little virus actually.
posted by: Myke Reinhold
credit: CNN, Experts Exchange, Homerun-Networks
Posted in Internet, Security, Microsoft | 3 Comments »