Identifying and removing Conficker
There’s been a lot of talk about how Conficker is going to create havoc on April 1. Conficker, formally named W32/Conficker.worm, began infecting systems at the end of 2008 by exploiting a vulnerability in Microsoft Windows. Since then McAfee has seen two more variants of this worm and many binaries – files ready to load into memory and execute – that carry the worm’s malicious payload. Conficker.C is the latest variant. Its “call-home protocol” will change on Wednesday, April 1, and may entail an update with some as-yet unknown functionality.
Microsoft has issued a security patch for the vulnerability that the Conficker family has used to propagate. Yet many computer users continue to worry about infection. The information below will help you understand more about the worm, the steps you can take to clean an infected system, and measures to prevent reinfection.
What is the Conficker worm?
Conficker.C is the most recent variant of the Conficker worm. Exposure to Conficker.C is limited to systems that are still infected with the earlier variants, Conficker.A and Conficker.B, which operate by exploiting the MS08-067 vulnerability in Microsoft Windows Server Service. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Conficker combats efforts at eradication by creating scheduled tasks and/or using autorun.inf files to reactivate itself.
Depending on the specific variant, the worm may spread via LAN, WAN, web, or removable drives, and by exploiting weak passwords. Conficker disables several important system services and security products, and downloads arbitrary files. Computers infected with the worm become part of an “army” of compromised computers and could be used to launch attacks on websites, distribute spam, host phishing websites, or carry out other malicious activities.
How to tell if your system is infected
Symptoms of Conficker infection include the following:
* Access to security-related sites is blocked
* Users are locked out of the directory
* Traffic is sent through port 445 on non-Directory Service (DS) servers
* Access to administrator shared drives is denied
* Autorun.inf files are placed in the recycled directory, or trash bin
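The port 445 symptom can be checked from network flow records. The sketch below is an added example, not McAfee's tooling; the log format, the addresses, the server allowlist, and the window and threshold values are all assumptions made for illustration. It reports sources that contact many distinct hosts on TCP/445 that are not known SMB or directory servers.

```python
from collections import defaultdict

# Constructed flow records: "<epoch seconds> <source IP> <destination IP> <destination port>".
SAMPLE_FLOWS = """\
1000 10.0.0.21 10.0.0.5 445
1002 10.0.0.21 10.0.0.5 445
1003 10.0.0.37 10.0.0.40 445
1004 10.0.0.37 10.0.0.41 445
1005 10.0.0.37 10.0.0.42 445
1006 10.0.0.37 10.0.0.43 445
1007 10.0.0.37 10.0.0.5 445
1008 10.0.0.37 10.0.0.44 80
1300 10.0.0.21 10.0.0.60 445
malformed line
"""

# Assumption: hosts that legitimately serve SMB/directory traffic at this site.
KNOWN_SMB_SERVERS = {"10.0.0.5"}


def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0].isdigit() and fields[3].isdigit():
            yield int(fields[0]), fields[1], fields[2], int(fields[3])


def smb_fanout(text, servers=KNOWN_SMB_SERVERS, window=60, threshold=4):
    """Return {src: peak count of distinct non-server TCP/445 destinations in any
    window} for every source whose peak reaches the threshold."""
    per_src = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        if port == 445 and dst not in servers:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        peak = 0
        for i, (start, _dst) in enumerate(events):
            seen = {d for t, d in events[i:] if t - start <= window}
            peak = max(peak, len(seen))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    print(smb_fanout(SAMPLE_FLOWS))
```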
Steps to remove Conficker and prevent re-infection
We recommend customers take the following steps to remove W32/Conficker.worm and prevent it from spreading:
1. Install Microsoft Security Update MS08-067: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
2. Clean the infected systems, and reboot
Use anti-malware solutions to clean the infection. Use behavioral detection techniques like the buffer overflow protection in Host IPS to prevent future infections. This is important because Conficker can propagate via portable media such as infected USB drives. As the media are accessed, the system processes autorun.inf and executes the attack. For more information, read McAfee Avert Labs’ document “Combating Conficker Worm.”
3. Identify other systems at risk of infection
You need to identify which systems are at risk. The list includes systems that either are not patched against Microsoft vulnerability MS08-067 or do not have proactive protection controls to mitigate the vulnerability. McAfee Vulnerability Manager and ePolicy Orchestrator can identify systems that are vulnerable and not protected.
4. Limit the threat’s ability to propagate
Using network IPS at strategic points in your network will quickly limit the ability of the threat to spread. This gives you time to either update your client anti-virus signatures or modify policies to block the threat using the behavioral controls.
Source: McAfee
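The autorun.inf symptom and the removable-media risk described in step 2 can be triaged with a short scan of a mounted drive. This is an added example, not McAfee's tooling; the sample drive layout, file names and reason strings are constructed for illustration. It flags any autorun.inf stored in a recycle-bin directory and any autorun.inf whose launch command points into one.

```python
import os
import re
import tempfile

# Directory names Windows uses for the recycle bin (FAT, NTFS on XP, Vista and later).
RECYCLE_DIRS = {"recycled", "recycler", "$recycle.bin"}
# autorun.inf keys that name a program to launch.
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

def in_recycle_bin(path):
    """True if any component of a Windows- or POSIX-style path is a recycle-bin directory."""
    return any(part in RECYCLE_DIRS for part in re.split(r"[\\/]+", path.lower()))

def launch_commands(inf_path):
    """Return the launch commands in an autorun.inf, dropping bytes that are not ASCII."""
    with open(inf_path, "rb") as fh:
        text = fh.read().decode("ascii", errors="ignore")
    return [m.group(2) for m in map(LAUNCH_KEY.match, text.splitlines()) if m]

def scan_drive(root):
    """Walk a mounted drive; return sorted (relative path, reason) pairs for suspect files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower() == "autorun.inf"):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if in_recycle_bin(rel):
                findings.append((rel, "stored in a recycle-bin directory"))
            findings += [(rel, "launches from the recycle bin: " + cmd)
                         for cmd in launch_commands(full) if in_recycle_bin(cmd)]
    return sorted(findings)

def build_sample(root):
    """Constructed sample drive: a benign autorun.inf, a suspect root one, a stashed copy."""
    files = {
        ("setup", "autorun.inf"): b"[autorun]\r\nopen=setup.exe\r\n",
        ("autorun.inf",): b"[autorun]\r\n\xff;junk\r\nopen=RECYCLER\\S-0-0-0\\sample.exe\r\n",
        ("RECYCLER", "S-0-0-0", "autorun.inf"): b"[autorun]\r\n",
    }
    for parts, data in files.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample(drive)
        print(scan_drive(drive))
```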
X-Men Origins: Wolverine is an epic action-adventure featuring a true-to-character Wolverine gameplay experience that takes gamers through and beyond the movie's storyline.
Set in a variety of vivid real-world locales, the title challenges players to hone their animal instinct as they uncover hidden dangers, hunt and destroy enemies, and take on seemingly insurmountable situations while discovering the truth about Wolverine’s tragic past. With razor-sharp adamantium claws unsheathed, the future X-Man enacts lightning-quick combat, evasive maneuvers, in-depth combo attacks, and an array of brutal finishing moves.
Wolverine doesn't just deliver massive damage; he also takes it, thanks to his mutant regenerative power that heals him in real time right before the player's eyes.
Uncage Wolverine's tragic past and discover how the ultimate weapon was created. Unleash the razor sharp adamantium claws, feral instincts and mutant regeneration power of the world's fiercest hero. Visceral combat. Pure rage. Epic battles. Take on the impossible in your hunt to uncover the secrets of Weapon X - then exact your revenge.
• OS: Windows XP SP2/Vista SP1
• Processor: Pentium D @ 2.6 GHz or AMD Athlon 64 X2 3800+
• Memory: 1 GB for XP / 2 GB for Vista
• Hard Drive: 8 GB Free
• Video Memory: 256 MB (Shader Model 3.0 +)
• Sound Card: DirectX Compatible
• DirectX: 9.0c
• Keyboard & Mouse
• DVD Rom Drive
Please download at least a file as a free user :)