Confiker hits 9m computers

It is funny how security works, isn’t it? When you think you got rid of the old-school (aka “stupid”) threats, reality hits you right back. Confiker/Downadup is a simple worm;  it exploits a Microsoft Windows vulnerability, that can only be utilized over a local network as it uses the SMB protocol, and uses an initial infection vector of running an “autorun” on removable media (usually USB drives).

Why is it so annoying? Well, getting to 9 million infected machines (as per external reports) is pretty impressive for such a classic infection vector (considering that there is no communication attack vector at all – no internet needed, no email attachment…). I thought that these infections were mostly in large companies that fail to properly patch their systems. Reality check again; as I’m speaking in a security sales summit, and working with the local hotel Business Center, I hand over my USB stick for them to print a PDF, and get it back with… you guessed it. Confiker.

Funny at first, but sad when you realize the amount of non-technical debugger-less users that plug the thing back in and have autorun immediately infect their system.

Read More

Computer Worm – Downadup, Kido or Conficker infects millions of system, Here’s the Solution for you...

A computer worm Kido also known as downup, Downadup and evenConficker, has been exploiting millions of systems. This vulnerability affects Microsoft Windows Server Services. The major impact was on Windows 2000, Windows XP, Windows Vista, Windows 2003, Windows Server 2008 operating systems. This small piece of malware has created an bigger infection globally infect 9+ millions of computers. This worm enters into the system via internet, or even via removable drives which is already been infected. This worm also arrives via email attachments. So it’s always good to scan your email messages and also run a periodic scan to your computer to kill such kind of viruses and worms.

Coming back to the title this Downadup worm once start infecting the system drops multiple files and registry entries including its own entries. This also makes entries in possibly vulnerable i.e. have security holes and gets in to malicious components in the system. AS it makes registry entries it automatically starts running in every system start-up. You many ask question what does this infection cause? The answer is it does use its own SMTP i.e. Simple Mail Transfer Protocol, which is used to send emails. This worm once infects the system, and the user uses the system to send an email, it sends an attachment along with the mail which contains this worm to infect the recipient PC too. The main target of this worm is the windows operation system and its address book.

The real sign is that though the companies which have got strict security policies and procedure followed in their organisations fail to update the security patches. So such companies which has failed to update its security patches in its server – the worm uses the hole, we term as vulnerability and gets in to the system to infect the server. Being an organisation, it is connected to multiple computers and each user may send emails to other companies which they do business with. If the receiver of the mail has got a proper security patch he is saved, else his network also would be infected.

The some top antivirus companies such as Kaspersky, Trend Micro,K7 Computing Internet Security Solutions and many more has come with their solution to protect the infected system and kill the worm in your system if infected. If you would like to download a free tool to remove the worm from your infected system, Click “Downadup, Kido, Conficker Remover Free Tool” for free download.

Also update your computer with the latest security patches, so that you and your system can be protected from such kind of internet threats. Download your Microsoft Security Patch fromhttp://www.microsoft.com/security/portal/Entry.aspx to protect your Computer from Downadup/Conficker.

Read More