Thread: 1 in 3 Windows PCs vulnerable to worm attack

  1. #1
    prof_fate Guest

    Default 1 in 3 Windows PCs vulnerable to worm attack

    1 in 3 Windows PCs vulnerable to worm attack
    Slow corporate patch cycles have led to high infection rates, security expert says
    By Gregg Keizer, Computerworld
    January 16, 2009

    One in three Windows machines is vulnerable to the Downadup worm. A patch was issued in October, but many machines were not fixed. About 3.5 million machines have been infected.




    The worm that has infected several million Windows PCs is causing havoc because nearly a third of all systems remain unpatched 80 days after Microsoft rolled out an emergency fix, a security expert said Thursday.

    Based on scans of several hundred thousand customer-owned Windows PCs, Qualys concluded that about 30 percent of the machines have not yet been patched with the "out of cycle" fix Microsoft provided Oct. 23 as security update MS08-067.
    http://www.infoworld.com/article/09/..._attack_1.html


  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: 1 in 3 Windows PCs vulnerable to worm attack

    Got the windows patch issued by MS in last October to be safe from this worm?

    http://www.computerworld.com/action/...icleId=9117958

    If not, then the time is right now to do those windows patches and updates!
    Oldsod.
    Best regards.
    oldsod

  3. #3
    findley Guest

    Default Re: 1 in 3 Windows PCs vulnerable to worm attack

    The latest f-secure numbers have gone to 8 million in four days http://www.f-secure.com/weblog/archives/00001584.html

    It uses multiple infection vectors:
    1. It exploits the MS08-067 vulnerability,
    2. It brute forces Administrator passwords on local networks and spreads through ADMIN$ shares and finally
    3. It infects removable devices and network shares by creating a special autorun.inf file and dropping its own DLL on the device.
    http://isc.sans.org/diary.html?storyid=5695
    MS08-067 Worm Dangers - New Conficker variants manipulate AUTORUN.INF, Spread to 3,000,000 PCs and Servers written by Harry Waldron and posted at bleepingcomputer http://www.bleepingcomputer.com/forums/topic195364.html
    MS08-067 Security Patch Information
    http://www.microsoft.com/technet/security/...n/MS08-067.mspx

    If ever there was a time to patch and stay updated
    - it's now!
    Findley
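A defender-side check for the third vector listed in the post above, as an added example that is not part of the original thread: it parses an autorun.inf found on a removable drive or share and flags entries that would launch a DLL. The function names and both sample files are constructed for illustration and are not taken from a real infection.

```python
import re

# Keys in an [autorun] section that make Windows launch something.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.I)
# A launch command that goes through rundll32 or names a DLL is the red flag.
DLL_LAUNCH = re.compile(r"rundll32|\.dll\b", re.I)

def parse_autorun(raw: bytes) -> dict:
    """Return key -> value for the [autorun] section, tolerating junk bytes."""
    entries, in_section = {}, False
    # latin-1 never fails to decode, so binary padding cannot crash the parser.
    for line in raw.decode("latin-1").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(raw: bytes) -> list:
    """List (severity, key, value) for every entry that executes something."""
    findings = []
    for key, value in parse_autorun(raw).items():
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            severity = "HIGH" if DLL_LAUNCH.search(value) else "REVIEW"
            findings.append((severity, key, value))
    return sorted(findings)

# Constructed samples: a padded file that loads a DLL, and an installer disc.
SUSPICIOUS = (b"\x8f\x03junk\r\n[AutoRun]\r\n;\xa7\xa7 padding\r\n"
              b"Action=Open folder to view files\r\n"
              b"shellexecute=rundll32.exe hidden\\payload.dll,Entry\r\n")
BENIGN = b"[autorun]\r\nicon=setup.ico\r\nlabel=Install Disc\r\nopen=setup.exe\r\n"

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit_autorun(sample))
```

A "REVIEW" result is normal for installer media; "HIGH" means the drive asks Windows to load a DLL when it is opened and should be examined before use.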

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: 1 in 3 Windows PCs vulnerable to worm attack

    Nice write up Mr. Findley!
    Oldsod.
    Best regards.
    oldsod

  5. #5
    findley Guest

    Default Re: 1 in 3 Windows PCs vulnerable to worm attack


    Oldsod wrote:
    "Nice write up Mr. Findley!
    Oldsod."

    Thank you Oldsod
    Best Regards
    Findley

  6. #6
    vgonyea Guest

    Default Re: 1 in 3 Windows PCs vulnerable to worm attack

    Could one of you please help me with some basic questions on this?

    I believe that my computer is current and up to date with the MS patches (that is always my intent)....how would I double check this? Every time my system says there is an update I do it, which then often leads to further updates (?) but I do them also. The last time I recall doing this was probably about 1-2 weeks ago or so. I ask this question because from what I understand one of the things the worm does is shut off the MS updates.

    I run ZoneAlarm Ultra Deep Scan for AV and Deep Inspection Scan for spyware every day. How do I know that it hasn't been compromised? When I view updates it says that the last time my AV and spyware were updated was yesterday.

    I am very concerned about all of this because on Monday, I had an experience I've never had in my 15 years of computing. All of a sudden, my screen went black then "blue screen" with words on it, but I couldn't read the words because my computer shut down immediately afterward. This all happened within seconds. When I turned it back on, the system said that ZoneAlarm shut it down and recommended that I update my software...which I think updates itself automatically (right?). Ever since then, ZoneAlarm has been asking my approval to run R2R (Lenovo rescue & recovery) and svchost when I turn on the computer.

    This was the only post on the entire ZoneAlarm site that I could find related to this concern....which makes me wonder if ZoneAlarm has addressed this in the software?

    I'd really appreciate some reassurance on this from you guys

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: 1 in 3 Windows PCs vulnerable to worm attack

    "how would I double check this?"

    Do a manual check and update with Windows Update, as the Windows Update scanner will give both custom and automatic recommendations for the needed updates.

    http://www.update.microsoft.com/wind....aspx?ln=en-us

    (this is my preferred method of getting the needed and new updates).

    Chances are if you scanned and nothing was found, then the windows has still not been compromised.

    How to not compromise the windows?

    By always updating and patching the windows OS and the supported software, using strong passwords and always running and updating the antivirus scanner.

    And by running the everyday or normal usage of windows in the "limited user" account NOT in the administrative account! This is very important as no changes to the windows and no installation of any kind can be done while the limited user account is being used.
    The use of the limited user account alone defeats most of the installs by trojans/spyware/malware/browser bho and dll and toolbar attacks and so forth (even a few rootkits get beaten by the limited user account).
    Most important of all, the limited user account does not need any more resources, comes with the operating system and never needs any updates and is free of any charge or cost.
    And needs no skills or special knowledge.

    And more importantly, by practising "safe hex".... not opening unwanted emails and attachments, downloading only from safe sites, always scanning new media before opening, not running unknown code and files. Either locking down the IE to secure the IE or use a "safer" browser such as Firefox or Opera, use an alternative email client other than the outlook express, preventing browser "drivebys" and other unwanted self-installs or attacks, and so forth.

    Your kaspersky based antivirus scanner in the ZAISS has had definitions for this worm for some time - I think since last October. So yes you are protected from this recent worm.

    Black screen and blue screen ..... usually if it is a legitimate "BSOD", then there is something wrong with the hardware or hardware drivers. Could be anything - all depends on the code given by the bsod message. Often bad memory cards, video cards, failing hdd, outdated drivers for the hardware and so forth are the main causes of the blue screen or BSOD.

    "Lenovo rescue & recovery" and an alert given by the ZA means the Lenovo rescue & recovery was running or ready to be used and it was not seen before until this time.

    Speaking of Lenovo rescue & recovery, you have a diagnostic disk for your lenovo computer or still have service support for this machine?

    Oldsod.
    Best regards.
    oldsod

  8. #8
    findley Guest

    Default MS08-067 Conficker Worm - Mitigation Resources, Cleaning and Prevention Links and Removal Tools for DownAdUp

    Thanks to Harry Waldron over at Bleepingcomputer for the following which I am quoting here:
    The following Microsoft resources have been published to help mitigate Win32/Conficker.B infections

    MS08-067
    Malicious Software Removal tool
    Win32/Conficker.B

    QUOTE: In response to this threat, Microsoft has:


    Updated the January version of the MSFT to detect and remove variants of Win32/Conficker.B. You can download this version from the MSRT from either the Microsoft Update site or through its associated Knowledge Base article.


    Created the KB article 962007 Virus alert about the Win32/Conficker.B worm to provide public details on the symptoms and removal methods available to address this issue.


    Announced the release of the items and the virus threat itself on the Microsoft Malware Protection Center blog.

    More information:
    http://www.bleepingcomputer.com/forums/topic196717.html

    Stay safe and stay patched

    Findley

    Feb 10, 2009:




    F-Downadup Removal Tool


    Check that you have the most recent version of F-Downadup.

    March 10, 2009:

    New variant W32.Downadup.C Digs in Deeper and there is another removal tool which removes all variants to date of the Conficker Downadup worm

    Downadup Removal Tool

    http://www.bdtools.net/





    Message Edited by Findley on 02-10-2009 04:02 PM

    Message Edited by Findley on 03-12-2009 08:29 AM

  9. #9
    vgonyea Guest

    Default Re: 1 in 3 Windows PCs vulnerable to worm attack

    Hello Oldsod,

    I just wanted to follow up and let you know that your advice to me back in January was very good and definitely relieved me of concerns...well, except for one part.....

    "And by running the everyday or normal usage of windows in the "limited user" account NOT in the administrative account! This is very important as no changes to the windows and no installation of any kind can be done while the limited user account is being used.
    The use of the limited user account alone defeats most of the installs by trojans/spyware/malware/browser bho and dll and toolbar attacks and so forth (even a few rootkits get beaten by the limited user account).
    Most important of all, the limited user account does not need any more resources, comes with the operating system and never needs any updates and is free of any charge or cost.
    And needs no skills or special knowledge."

    Prior to your response, I had always used an admin account as my primary day-to-day account. I suspect this is a normal error that those who don't know better often create for themselves, as I did. Since our last discussion I have, in fact, created a limited user account. Here is my question...I can't figure out how to copy all of the user settings, document access and program access etc. from my old admin account over to my new limited user account. Basically a complete duplicate of the old account, with the single exception of not being able to install software in the new account.

    I am hoping you could just expand on this conversation and explain a little further - in your kind and thorough manner - exactly how (like step-by-step) to accomplish this task quickly and easily so that I can just pick up with the new account and take off (that would be ideal, of course) without messing anything up along the way.

    Also, when I created the new account, I noticed something called a "Guest" account that appears to be part of the default system. The setting is set to "Off", but I am wondering if this is also an inherent vulnerability? Should this be deleted?

    Some details: Windows XP Pro, SP3, with all of the most current updates completed (per your recommendation). I am fairly savvy...to a point...but layman's terms would be appreciated. I would appreciate your response to this very key security question...this will make me feel more comfortable with the security of my system.

    Thanks, in advance, for your assistance.

  10. #10
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: 1 in 3 Windows PCs vulnerable to worm attack

    Remove the Guest Account - it is a default known to everyone and every hacker.

    To run programs in the limited account, in the admin account, click the program and select 'run as' and set the user account. Note- some third party programs do not run or function in the limited user account by their design and some will, but do not support fast user switching such as the ZA.

    To share documents, click the folders and select 'sharing and security' and some details are given such as drag files/folder to shared documents folders for sharing with other accounts.

    File and Folder Permissions

    Also there are many 'deeper' methods for windows such as the Shared Folders within the Computer Management and changing ownership of files...

    How to take ownership of a file or a folder in Windows XP

    Basically Windows is a business/enterprise model and it is not a true home/end user model and as such it is developed for the IT/computer experts and not from the home user's point of view.
    Microsoft has tried to compensate for this with the newer Vista and the coming Windows 7 with limited success - many users using Vista do not use the default limited permissions and still run as 'admin'.

    The limited user account defeats 92 Percent of the exploits found in Windows.
    Without any microsoft patches or upgrades.


    Google 'limited user account microsoft' and there are some good results.

    Oldsod.
    Best regards.
    oldsod
