
Endpoint

1/12/2009
03:26 PM
Dark Reading
Products and Releases

Panda Issues Orange Alert For Malicious Conficker Worm

Conficker is a family of worms that exploits a vulnerability in Microsoft Windows in order to spread

GLENDALE, Calif., Jan. 12, 2009 - PandaLabs, Panda Security's malware analysis and detection laboratory, today issued an orange alert warning against the malicious Conficker worm, a new family of computer worms that has already infected thousands of computers worldwide. PandaLabs has located three variants of this malicious code (Conficker A, B and C). The first known infections of this worm were seen at the end of November 2008, although it was after the holiday season that a dramatic increase in its activity was observed.

This worm propagates by exploiting the MS08-067 vulnerability in the Microsoft Windows Server service, spreading to other machines by means of specially crafted Remote Procedure Calls (RPC). Vulnerable machines then download a copy of the worm and become infected as well. RPC is a protocol that allows code to be executed remotely on a networked computer, which in this case lets the worm's creator take control of the infected machines remotely.

The worm also propagates through USB memory devices such as USB drives or MP3 players. Adding to the threat, the worm constantly updates itself, downloading new versions onto infected machines from different and changing IP addresses, which makes it difficult to block. At the same time, some variants are designed to download other malware onto an infected computer. This is an indication that the worm's authors are preparing to carry out a large-scale attack in the near future using the infected machines.

"The most likely scenario is that cybercriminals are looking to quickly infect a large number of computers. Once infected, secondary infections designed for economic gain can be easily downloaded onto the compromised machines," said Ryan Sherstobitoff, Chief Corporate Evangelist for Panda Security. "Examples of this type of malware are Trojans designed to steal online banking passwords, or rogue antimalware programs that create pop-ups constantly telling the user their computer is infected. This type of infection makes it almost impossible to use the computer until users buy and install the appropriate remedy." This type of worm is very similar to those seen years ago, such as the ones responsible for the "Melissa" and "I love you" outbreaks. Like those, Conficker attempts to infect the maximum number of computers possible. The difference is that while those worms propagated via floppy disk, this one uses USB devices.

To check if your computer is infected with a variant of Conficker, PandaLabs recommends:

- Corporate IT administrators should check their machines for possible vulnerabilities.

- Servers and workstations should be patched by following the Microsoft bulletin for this vulnerability, available here: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

- Disinfect affected machines using Panda Security's Malware Radar for corporate networks, or ActiveScan for personal computers.

- Disable AutoRun for USB devices.

- Make sure that all antivirus and security solutions are updated to their latest product version and signature file version.
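The two host-level mitigations in the list above, the MS08-067 patch and disabling AutoRun for removable media, can be self-checked on a Windows machine with the script below. It is an added example, not code from the press release or from Panda Security; it assumes that the MS08-067 fix carries Microsoft's hotfix ID KB958644 and that the AutoRun policy is expressed through the NoDriveTypeAutoRun registry value.

```powershell
# Added example (not from the press release or Panda Security): a local
# self-check for the MS08-067 patch and for AutoRun being disabled on
# removable drives, the two mitigations the advisory lists.
# Assumptions: the MS08-067 hotfix ID is KB958644 (Microsoft's designation)
# and AutoRun policy is read from the NoDriveTypeAutoRun registry value.
$Ms08067Kb = 'KB958644'

# 1. Is the MS08-067 fix installed? Get-HotFix reads the installed-updates
#    list; an OS build that shipped with the fix already included will not
#    list it, so treat "not found" as "verify manually", not as proof of exposure.
$patch = Get-HotFix -ErrorAction SilentlyContinue |
         Where-Object { $_.HotFixID -eq $Ms08067Kb }
if ($patch) {
    Write-Output "MS08-067 ($Ms08067Kb) installed on $($patch.InstalledOn)"
} else {
    Write-Warning "MS08-067 ($Ms08067Kb) not found in installed updates; verify the Server service patch level manually"
}

# 2. Is AutoRun disabled for removable drives? NoDriveTypeAutoRun is a bit
#    mask of drive types for which AutoRun is suppressed: 0x04 is the
#    removable-drive bit and 0xFF disables AutoRun for every drive type.
#    The machine-wide (HKLM) policy takes precedence over the per-user one.
$policyPaths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$removableBit = 0x04
$autorunDisabled = $false
foreach ($path in $policyPaths) {
    $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if (($null -ne $value) -and (($value -band $removableBit) -ne 0)) {
        Write-Output ("AutoRun for removable drives disabled via {0} (NoDriveTypeAutoRun=0x{1:X2})" -f $path, $value)
        $autorunDisabled = $true
    }
}
if (-not $autorunDisabled) {
    Write-Warning 'AutoRun for removable drives is NOT disabled; set NoDriveTypeAutoRun to 0xFF under the HKLM policy key'
}
```

Run it from an elevated PowerShell session so the machine-wide policy key and the update list are readable.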

Panda Security products proactively detect this family of worms, keeping users protected at all times from this threat. More information can be obtained from the Panda Research Blog: http://research.pandasecurity.com/archive/Warning_3A00_-Conficker-worm-infections-gaining-traction.aspx

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model, which can even detect malware that has evaded other security solutions. Currently, 94 percent of the malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented by the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), which work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients. More information is available in the PandaLabs blog: http://www.pandalabs.com and on the Panda Security website: www.pandasecurity.com/usa.
