
1/23/2009
03:05 PM
Dark Reading
Products and Releases

K7 Computing Develops Tool To Neutralize Conficker/Downadup Worm

K7Downadup Remover Tool is a console application that scans and removes Worm.Win32.Downadup malware files and associated registry entries from an infected machine

Chennai, TN, 23rd January 2009 - K7 Computing, one of the leading information security software companies, has created a solution to the Internet worm "Downadup" (also known as Conficker), which exploits a vulnerability in the Microsoft Windows Server service. This vulnerability could allow remote code execution, letting an attacker easily compromise Windows computers without authentication. To counter this latest security threat, K7 Antivirus Experts have developed the "K7Downadup Remover Tool", a solution that neutralizes this family of threats.

On analysing this worm, K7 Virus Experts found that it may hook system startup and appear in the Windows Registry under several random names such as boot, center, config, driver, installer, image, universal, etc. The worm also attempts to abort any security protection by searching for process strings including Symantec, ESET, Kaspersky, K7 and many more. Although all K7 Antivirus users are protected from infection by the latest updates, previously infected and unprotected machines may need to be cleaned first to neutralize this security threat. Users should also patch their Windows operating system with patch MS08-067. K7 Security experts also advise disabling the Autorun feature of Windows by following the instructions at http://support.microsoft.com/kb/953252.

K7 Computing is now providing a simple tool to aid removal for infected users. The "K7DownadupRemover" tool is a console application that scans and removes Worm.Win32.Downadup malware files and associated registry entries from an infected machine. It also uses a generic and heuristic method to identify the presence of this malware and quarantines it in minimal time, to protect the user's PC from further infection. "This worm is a salutary reminder to all users not to be complacent about patching operating systems and to use and keep their anti-virus products updated," said Andrew Lee, Chief Technology Officer at K7 Computing. "The fix has been available from Microsoft for some three months now, and would have prevented much of this current chaos caused by the Conficker worm. Disabling Auto-run is also an extremely good idea."

To view more details about the worm and the manual neutralizing procedure, visit http://www.k7computing.com/index.php/component/option,com_k7virus/Itemid,94/id,526/view,showvirus/ or http://support.microsoft.com/kb/962007

To learn more about K7 Computing, please visit http://www.k7computing.com

About K7 Computing: K7 Computing is a leading information security software solutions company providing Anti-virus and TotalSecurity (Firewall, Antivirus, Anti-spam, Anti-Spyware, Privacy Control & System monitor) to protect individuals and organizations from IT threats like viruses, malware, spyware and other potential hacker attacks.

Founded in 1991, the company has in the past few years created Virus Security, which has gone on to become the fastest selling desktop security solution in Japan, with over 7 million users, and is gaining acceptance in worldwide markets. Currently it is the No.1 Desktop Security product in Japan. Today K7 Computing, with its track record of Total Internet Security suite innovation, characteristic, compact engineering and swift response to evolving consumer expectations, is poised to widen its horizons all over the world. For more information visit: http://www.k7computing.com
