
Posted

Three million hit by Windows worm

A worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users.

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008. Although Microsoft released a patch, it has gone on to infect 3.5m machines.

Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers' files. On the face of it, tracing this one site is almost impossible.

Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.

More: http://news.bbc.co.uk/2/hi/technology/7832652.stm

-- Webmasterworld.com 2009-01-20

Posted
Where's Reimar when you need him?

There are two of us who head up the Computer forum. :o I jumped on this one quickly because I have been researching the issue for the last few days; it has hit our university pretty hard. We are still cleaning up the mess at our research facility, where probably half the computers have been infected. Being IT manager, it is an uphill battle trying to get the staff to follow the policies I've introduced, and I will be implementing a more "heavy handed" approach to improve the system security.

Can be very frustrating, especially when I had just sent out a memo a few days before this issue to "lock down" their computers.

Posted
If you do not have Microsoft Windows Malicious Software Removal Tool you can download it from here > Microsoft

Also Microsoft Windows Defender

Last week, I did have MS Update go through, and according to the Windows Update website, the download history shows that the above tool (KB890830) and a security patch (KB958687) were successfully installed. I see the usual entries in the "Add/Remove Programs" page, the log, and the $uninstall folder in Windows for KB958687, but not for KB890830, so where do I check on my laptop to see if KB890830 was successfully installed?

Should I download and install it again?

Posted

tywais -- thanks -- you're a gentleman!

I followed your instructions easily enough (and I know jack about computers)

and all's well :o

Posted
but not for KB890830, so where do I check on my laptop to see if KB890830 was successfully installed.

From Microsoft:

"If you have Automatic Updates turned on, you have already been receiving new versions of this tool monthly. The tool runs in quiet mode unless it finds an infection. If you have not been notified of an infection, no malicious software has been found that needs your attention."

You can use the Run command and enter Regedit to open the registry editor. Click on Edit > Find and type in RemovalTools in the search box. You should then see an entry called RemovalTools and under it will be MRT. Or directly it is located here > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT

You will then see a value called Version Number, which will hold an identifier like this > 2B730A83-F3A6-44F5-83FF-D9F51AF84EA0. Look at the bottom of this page to see the version number and the update date, and you can see if it is updating.

The program is under Windows\System32 and is named MRT.exe. Under Windows\Debug are the log files, called MRT.log and MRTeng.log, and they will tell you when it was last run.
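The same checks, scripted as an added example (not code from the thread or from Microsoft): it reads the registry key, the executable, and the log files named in the post above, and also looks for the KB958687 patch itself, since that is what closes the hole the worm uses. The value-name wildcard under the MRT key and the use of file timestamps instead of parsing the log text are assumptions made so the script does not depend on the exact log format.

```powershell
# Added example: report whether the Malicious Software Removal Tool (KB890830)
# is present and when it last ran, plus whether the KB958687 security patch is
# installed. Run from an elevated PowerShell prompt on the machine in question.
$mrtKey  = 'HKLM:\SOFTWARE\Microsoft\RemovalTools\MRT'
$mrtExe  = Join-Path $env:SystemRoot 'System32\MRT.exe'
$mrtLogs = 'MRT.log', 'MRTeng.log' | ForEach-Object { Join-Path $env:SystemRoot "Debug\$_" }

function Get-MrtStatus {
    $status = [ordered]@{}

    # 1. The version identifier the post describes, stored under the MRT key.
    #    Wildcard on the value name (assumption) so the script works whether the
    #    value is shown as "Version" or "Version Number" in the registry editor.
    if (Test-Path $mrtKey) {
        $props = Get-ItemProperty -Path $mrtKey -Name 'Version*' -ErrorAction SilentlyContinue
        $status.RegistryVersion = ($props.PSObject.Properties |
            Where-Object { $_.Name -like 'Version*' } |
            Select-Object -First 1).Value
    } else {
        $status.RegistryVersion = $null   # key absent: the tool has never been installed
    }

    # 2. The executable itself and the file version stamped on the monthly build.
    $status.ExeVersion = if (Test-Path $mrtExe) { (Get-Item $mrtExe).VersionInfo.FileVersion } else { $null }

    # 3. Log files: the last-write time tells you when the tool last ran, without
    #    depending on the internal line format of MRT.log / MRTeng.log.
    foreach ($log in $mrtLogs) {
        $name = Split-Path $log -Leaf
        $status["$name LastRun"] = if (Test-Path $log) { (Get-Item $log).LastWriteTime } else { $null }
    }

    # 4. KB958687 shows up in the installed-updates list; KB890830 does not, which
    #    is why the registry and log checks above are needed for the tool.
    $status.KB958687Installed = [bool](Get-HotFix -Id 'KB958687' -ErrorAction SilentlyContinue)

    return [pscustomobject]$status
}

Get-MrtStatus | Format-List
```

If RegistryVersion and ExeVersion are both empty, the tool was never installed and re-downloading it from Microsoft is the sensible fix; if only the log timestamps are old, Automatic Updates has not delivered a newer monthly build.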

Posted
Being IT manager it is an uphill battle trying to get the staff to follow policies I've introduced and will be implementing a more "heavy handed" approach to improve the system security.

Security? :o But it's not broken yet!

Posted (edited)

I have a feeling this may be the first of a new generation of worms that don't play nice anymore.

I am wondering about one thing though - where is the UAC when you need it? I am totally shocked that this feature doesn't work as advertised.... not. :o

Beeb article here: http://news.bbc.co.uk/2/hi/technology/7842013.stm

This worm is very innovative when it comes to downloading updates. Other worms before it used two or five domains, which were then quickly blocked by ISPs. But not this one: this one generates thousands of different domain names at random every day and checks them. The hackers now only need to register one of these domains to spread their malware, while the ISPs would need to block all of them to prevent this. Very clever.

Edited by nikster
