
Conficker worm due to strike on 1st April


  • Conficker worm due to strike on 1st April

    Hi All,

    As you are no doubt aware, the latest threat to the network (and the internet at large) is Conficker.

    Conficker is a standalone malicious program which uses computer or network resources to make complete copies of itself and may include code or other malware to damage both the system and the network.

    This “worm” is due to strike on the 1st of April.

    Experts on the forum, could you please advise what the precautions are?

    Cheers,

    Pankajb
    Last edited by pankajb; 30th March 2009, 01:47.

  • #2
    Re: Conficker worm due to strike on 1st April

    Hi,

    Firstly make sure your systems are fully patched with [KB 958644 (MS08-067)].
    The supposed attack will only affect the infected systems so make sure you have done your best to remove it from your system before then and follow the relevant guidelines to minimise its spreading.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR



    • #3
      Re: Conficker worm due to strike on 1st April

      And you might also check this out:
      http://www.doxpara.com/?p=1285
      and this:
      http://iv.cs.uni-bonn.de/wg/cs/appli...ing-conficker/
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: Conficker worm due to strike on 1st April

        Hi Dumber & L4ndy,
        Many thanks for your replies.

        All our servers and workstations are fully patched with [KB 958644 (MS08-067)].

        As given in http://support.microsoft.com/kb/962007, I have also created a Workstation Conficker Prevention GPO to do the following:
        • Remove Admin and System permission on Svchost and Task.
        • Turn autoplay off.
        • Disable Administrator account on all workstations.

        Don't have much time, but if you guys or anyone implementing the same happen to come online, could you please tell me if I should create a similar GPO for all Servers as well.

        As per MS, it says not to use the same GPO for Domain Controllers as it may disable the Domain Admin password. My Domain Controllers and Member Servers are in different OUs, hence I can create two separate GPOs and implement as follows:
        1. One GPO similar to Workstation Conficker Prevention GPO and link to the Server OU.
        2. One GPO similar to Workstation Conficker Prevention GPO but with the exception of disabling Admin password and implement on the Domain Controllers OU.

        Could you also kindly tell me what symptoms will show up if any workstation or server is infected?

        Cheers,

        Pankajb
        Last edited by pankajb; 31st March 2009, 04:16.



        • #5
          Re: Conficker worm due to strike on 1st April

          Hi,
          As far as symptoms are concerned, have a look at some of them:
          • Account lockout policies being reset automatically.
          • Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services disabled.
          • Domain controllers responding slowly to client requests.
          • Unusual amounts of traffic on local area networks.
          • Websites related to antivirus software becoming inaccessible.

          Ref: http://en.wikipedia.org/wiki/Conficker

          Most of those are mentioned on the MS site as well.
          When you Google it there are loads of websites that come back with a result but some of them don't appear to be genuine and are taking advantage of the situation to promote their anti spyware products etc.

          Google Conficker symptoms and check different forum threads from people with the same problem.
          Also some popular AV vendors have got a section regarding this virus.

          Hope it helps
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR
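
Added example, not part of any post in this thread: a Windows PowerShell triage check for the MS08-067 patch named in post #2 and the disabled-service symptom listed in post #5. The function name `Test-ConfickerIndicators` is hypothetical, and the mapping from the service display names in the post to service short names is supplied here.

```powershell
# Added example (not from the thread). Windows PowerShell 2.0 or later.
# Function name is hypothetical; it reads state only and changes nothing.
function Test-ConfickerIndicators {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    # Short names for the services post #5 lists as being disabled:
    # Automatic Updates, BITS, Windows Defender, Error Reporting.
    # ERSvc is the XP/2003 name and WerSvc the Vista/2008 name; a host has one.
    $services = 'wuauserv', 'BITS', 'WinDefend', 'ERSvc', 'WerSvc'
    $filter   = ($services | ForEach-Object { "Name='$_'" }) -join ' OR '

    foreach ($computer in $ComputerName) {
        # MS08-067 patch. A missing entry is a lead, not proof: a later
        # cumulative update or service pack can supersede KB958644, and an
        # unreachable host also returns nothing here.
        $hotfix  = Get-HotFix -Id 'KB958644' -ComputerName $computer -ErrorAction SilentlyContinue
        $patched = [bool]$hotfix

        $svc = @(Get-WmiObject -Class Win32_Service -ComputerName $computer `
                     -Filter $filter -ErrorAction SilentlyContinue)

        # Strong signal: a security or update service set to Disabled.
        $disabled = @($svc | Where-Object { $_.StartMode -eq 'Disabled' } |
                      ForEach-Object { $_.Name })

        # Weaker signal: set to start automatically but not running now.
        $stopped = @($svc | Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' } |
                     ForEach-Object { $_.Name })

        New-Object PSObject -Property @{
            Computer         = $computer
            ServicesQueried  = $svc.Count          # 0 usually means WMI was unreachable
            KB958644Listed   = $patched
            DisabledServices = $disabled -join ','
            AutoButStopped   = $stopped -join ','
            NeedsReview      = (-not $patched) -or ($disabled.Count -gt 0) -or ($svc.Count -eq 0)
        }
    }
}

# Local host by default; pass -ComputerName with a list to sweep an OU export.
Test-ConfickerIndicators | Format-List
```

A host flagged `NeedsReview` still needs a scan with a current removal tool; a clean result here does not rule out infection.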



          • #6
            Re: Conficker worm due to strike on 1st April

            I wonder if Chicken Little will get this one wrong as well.
            1 1 was a racehorse.
            2 2 was 1 2.
            1 1 1 1 race 1 day,
            2 2 1 1 2



            • #7
              Re: Conficker worm due to strike on 1st April

              Guys, there is no need to be afraid for your machines tomorrow, if you are not infected...

              GPOs and security settings should be applied way before Conficker.

              I don't believe something will happen tomorrow, at least it won't be seen by us probably...

              It's a classic botnet...



              • #8
                Re: Conficker worm due to strike on 1st April

                Just go on vacation like I did.



                • #9
                  Re: Conficker worm due to strike on 1st April

                  Originally posted by Garen:
                  Just go on vacation like I did.
                  I think the internets will be crippled, all communication of any type will halt and the storm troopers will invade our houses. If you need me, I'll be quivering under my coffee table wearing a pith helmet and clutching a shotgun. I've got room and ammunition for a few more if anyone is interested. Oh, and some chocolates and tea.
                  Wesley David
                  LinkedIn | Careers 2.0
                  -------------------------------
                  Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                  Vendor Neutral Certifications: CWNA
                  Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                  Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/



                  • #10
                    Re: Conficker worm due to strike on 1st April

                    Chocolates and tea? I'm there. Say, you don't happen to have any of those little crackers with the... oh, never mind. I'll bring some with me.



                    • #11
                      Re: Conficker worm due to strike on 1st April

                      Originally posted by joeqwerty:
                      Say, you don't happen to have any of those little crackers with the... oh, never mind. I'll bring some with me.
                      And some Remington Slugger 2-1/2'' 4-10 Gauge Rifled Slug Shotshells - 1/5 oz while you're at the store. I think they're right next to the breakfast cereals.
                      Wesley David



                      • #12
                        Re: Conficker worm due to strike on 1st April

                        Gotcha, one box of ammo and one box of Frosty Flakes.



                        • #13
                          Re: Conficker worm due to strike on 1st April

                          Originally posted by Garen:
                          Just go on vacation like I did.
                          And what I did.
                          I'm away for the next 3 days
                          Marcel



                          • #14
                            Re: Conficker worm due to strike on 1st April

                            Originally posted by biggles77:
                            I wonder if Chicken Little will get this one wrong as well.
                            This sounds way familiar. Michelangelo virus anyone?
                            Andrew

                            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **



                            • #15
                              Re: Conficker worm due to strike on 1st April

                              Exactly. Also sounds like the Y2K bug and any one of a number of "Dooms Day" events. IMHO, care and caution should be exercised, systems should be patched, and AV definitions updated. If you've done all this then you've performed your responsibilities with due diligence and should take a wait and see attitude beginning tomorrow morning.
