Thursday, June 11, 2009

Conficker : one of most dreaded worm of 2008

(also known as Downup, Downadup and Kido)
targets Microsoft Windows operating system, first detected in November 2008.
Believed to be the largest computer worm infection since the 2003 SQL Slammer.

If got infected try it:
Microssoft's Live Online Scan
download and run this utility on your infected machine

Its Nature:
* Extracts all of its files to the %System% directory with random DLL file names, which can wreak havoc on your computer.
* Deletes the user's Restore Points.
* Registers a services called Netsvcs
* Creates scheduled tasks that execute all of the DLL files.
* Creates it's own simple HTTP server on the infected computer and spreads the worm to other computers in the network through file shares.
* Creates an Autorun.inf file in file shares to execute the warm files once the share is accessed by another computer.
* Connects to external sites to download additional files.

This exploits vulnerability called MS08-067 in Windows 2000, XP, and Server 2003.
Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability.

Click Image To Enlarge It

For Detailed Information : Click Here

No comments:

Post a Comment