Search
Search titles only
By:
Search titles only
By:
Log in
Register
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Forums
New posts
All threads
Latest threads
New posts
Trending threads
Trending
Search forums
What's new
New posts
New ads
New profile posts
Latest activity
Free Ads
Latest reviews
Search ads
Members
Current visitors
New profile posts
Search profile posts
Contact us
Latest ads
NURSING , CAREGIVER , HOTEL & BEAUTY COURSES
IVA Para Medical Campus
Updated:
Yesterday at 9:24 AM
Handmade Character Soft Toys Peppa Pig Family
anil1961
Updated:
Wednesday at 9:58 PM
Ad icon
Video Content Creator
pramukag
Updated:
Sunday at 6:10 AM
Ad icon
QA Engineer Intern
pramukag
Updated:
Sunday at 6:07 AM
Ad icon
Sell your Land, House on idamata.lk for FREE
sajith.xp.pk
Updated:
Jun 25, 2026
Electronics
Vehicles
Property
Search
Reply to thread
Forums
Computers & Internet
Downloads
All Anti-Virus Software (Mega Tread Updating!!)
Get the App
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="gnate3_2009" data-source="post: 4241913" data-attributes="member: 169898"><p><strong>McAfee Threat Center - News</strong></p><p></p><p>McAfee Threat Center - News</p><p></p><p><strong>Identifying and removing Conficker</strong></p><p></p><p>There’s been a lot of talk about how Conficker is going to create havoc on April 1. Conficker, formally named W32/Conficker.worm, began infecting systems at the end of 2008 by exploiting a vulnerability in Microsoft Windows. Since then McAfee has seen two more variants of this worm and many binaries – files ready to load into memory and execute – that carry the worm’s malicious payload. Conficker.C is the latest variant. Its “call-home protocol” will change on Wednesday, April 1, and may entail an update with some as-yet unknown functionality.</p><p></p><p>McAfee already offers protection from the Conficker worm in its endpoint and network products, and Microsoft has issued a security patch for the vulnerability that the Conficker family has used to propagate. Yet many computer users continue to worry about infection. The information below will help you understand more about the worm, the steps you can take to clean an infected system, and measures to prevent reinfection.</p><p></p><p><strong>What is the Conficker worm?</strong></p><p></p><p>Conficker.C is the most recent variant of the Conficker worm. Exposure to Conficker.C is limited to systems that are still infected with the earlier variants, Conficker.A and Conficker.B, which operate by exploiting the MS08-067 vulnerability in Microsoft Windows Server Service. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Conficker combats efforts at eradication by creating scheduled tasks and/or using autorun.inf files to reactivate itself.</p><p></p><p>McAfee has identified thousands of binaries that carry the Conficker payload. Depending on the specific variant, the worm may spread via LAN, WAN, web, or removable drives, and by exploiting weak passwords. Conficker disables several important system services and security products, and downloads arbitrary files. Computers infected with the worm become part of an “army” of compromised computers and could be used to launch attacks on websites, distribute spam, host phishing websites, or carry out other malicious activities.</p><p></p><p><strong>How to tell if your system is infected</strong></p><p></p><p>Symptoms of Conficker infection include the following:</p><p>Access to security-related sites is blocked</p><p>Users are locked out of the directory</p><p>Traffic is sent through port 445 on non-Directory Service (DS) servers</p><p>Access to admininistrator shared drives is denied</p><p>Autorun.inf files are placed in the recycled directory, or trash bin</p><p></p><p> </p><p><strong>Steps to remove Conficker and prevent re-infection</strong></p><p></p><p>We recommend customers take the following steps to remove W32/Conficker.worm and prevent it from spreading:</p><p>Install Microsoft Security Update MS08-067: <a href="http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx" target="_blank">http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx</a></p><p>Clean the infected systems, and reboot</p><p>Use anti-malware solutions such as McAfee VirusScan Plus or ToPS for Endpoint to clean the infection. Use behavioral detection techniques like the buffer overflow protection in Host IPS to prevent future infections. This is important because Conficker can propagate via portable media such as infected USB drives. As the media are accessed, the system processes autorun.inf and executes the attack. For more information, read McAfee Avert Labs’ document “Combating Conficker Worm.”</p><p>Identify other systems at risk of infection</p><p>You need to identify which systems are at risk. The list includes systems that either are not patched against Microsoft vulnerability MS08-067 or do not have proactive protection controls to mitigate the vulnerability. McAfee Vulnerability Manager and ePolicy Orchestrator can identify systems that are vulnerable and not protected.</p><p>Limit the threat’s ability to propagate</p><p>Using network IPS at strategic points in your network will quickly limit the ability of the threat to spread. This gives you time to either update your client anti-virus signatures or modify policies to block the threat using the behavioral controls.</p><p></p><p><strong>McAfee Products Coverage for Conficker </strong></p><p></p><p>McAfee VirusScan Plus</p><p></p><p>McAfee Internet Security</p><p></p><p>McAfee Total Protection </p><p></p><p>The latest signature (DAT) files include detection and repair for this worm, if you have performed an update recently you are already covered.</p><p></p><p></p><p>ToPS Endpoint & ToPS Service </p><p></p><p>The signature (DAT) files include detection and repair for this worm</p><p></p><p>Buffer overflow protection in scan engine and Generic Buffer Overflow in host IPS are expected to cover code-execution exploits. Host IPS also includes signature for “Vulnerability in Server Service Could Allow Remote Code Execution” (CVE-2008-4250)</p><p></p><p></p><p>Network Security Platform (IntruShield) </p><p></p><p>Includes coverage for “Microsoft Server Service Remote Code Execution Vulnerability"</p><p></p><p></p><p>McAfee Network Access Control (NAC) </p><p></p><p>Identifies nodes that have not been patched and denies them access to the network unless they are updated</p><p></p><p></p><p>McAfee Vulnerability Manager (VM) </p><p></p><p>Includes coverage for MS08-067. Identifies machines vulnerable to infection by Conficker as well as machines infected by Conficker C</p><p></p><p></p><p>McAfee Web Gateway (formerly Webwasher) </p><p></p><p>Includes signature to detect and block the worm at the gateway</p><p></p><p></p><p>McAfee Conficker Detection Tool </p><p></p><p>Identifies machines infected by Conficker.C</p></blockquote><p></p>
[QUOTE="gnate3_2009, post: 4241913, member: 169898"] [b]McAfee Threat Center - News[/b] McAfee Threat Center - News [B]Identifying and removing Conficker[/B] There’s been a lot of talk about how Conficker is going to create havoc on April 1. Conficker, formally named W32/Conficker.worm, began infecting systems at the end of 2008 by exploiting a vulnerability in Microsoft Windows. Since then McAfee has seen two more variants of this worm and many binaries – files ready to load into memory and execute – that carry the worm’s malicious payload. Conficker.C is the latest variant. Its “call-home protocol” will change on Wednesday, April 1, and may entail an update with some as-yet unknown functionality. McAfee already offers protection from the Conficker worm in its endpoint and network products, and Microsoft has issued a security patch for the vulnerability that the Conficker family has used to propagate. Yet many computer users continue to worry about infection. The information below will help you understand more about the worm, the steps you can take to clean an infected system, and measures to prevent reinfection. [B]What is the Conficker worm?[/B] Conficker.C is the most recent variant of the Conficker worm. Exposure to Conficker.C is limited to systems that are still infected with the earlier variants, Conficker.A and Conficker.B, which operate by exploiting the MS08-067 vulnerability in Microsoft Windows Server Service. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Conficker combats efforts at eradication by creating scheduled tasks and/or using autorun.inf files to reactivate itself. McAfee has identified thousands of binaries that carry the Conficker payload. Depending on the specific variant, the worm may spread via LAN, WAN, web, or removable drives, and by exploiting weak passwords. Conficker disables several important system services and security products, and downloads arbitrary files. Computers infected with the worm become part of an “army” of compromised computers and could be used to launch attacks on websites, distribute spam, host phishing websites, or carry out other malicious activities. [B]How to tell if your system is infected[/B] Symptoms of Conficker infection include the following: Access to security-related sites is blocked Users are locked out of the directory Traffic is sent through port 445 on non-Directory Service (DS) servers Access to admininistrator shared drives is denied Autorun.inf files are placed in the recycled directory, or trash bin [B]Steps to remove Conficker and prevent re-infection[/B] We recommend customers take the following steps to remove W32/Conficker.worm and prevent it from spreading: Install Microsoft Security Update MS08-067: [url]http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx[/url] Clean the infected systems, and reboot Use anti-malware solutions such as McAfee VirusScan Plus or ToPS for Endpoint to clean the infection. Use behavioral detection techniques like the buffer overflow protection in Host IPS to prevent future infections. This is important because Conficker can propagate via portable media such as infected USB drives. As the media are accessed, the system processes autorun.inf and executes the attack. For more information, read McAfee Avert Labs’ document “Combating Conficker Worm.” Identify other systems at risk of infection You need to identify which systems are at risk. The list includes systems that either are not patched against Microsoft vulnerability MS08-067 or do not have proactive protection controls to mitigate the vulnerability. McAfee Vulnerability Manager and ePolicy Orchestrator can identify systems that are vulnerable and not protected. Limit the threat’s ability to propagate Using network IPS at strategic points in your network will quickly limit the ability of the threat to spread. This gives you time to either update your client anti-virus signatures or modify policies to block the threat using the behavioral controls. [B]McAfee Products Coverage for Conficker [/B] McAfee VirusScan Plus McAfee Internet Security McAfee Total Protection The latest signature (DAT) files include detection and repair for this worm, if you have performed an update recently you are already covered. ToPS Endpoint & ToPS Service The signature (DAT) files include detection and repair for this worm Buffer overflow protection in scan engine and Generic Buffer Overflow in host IPS are expected to cover code-execution exploits. Host IPS also includes signature for “Vulnerability in Server Service Could Allow Remote Code Execution” (CVE-2008-4250) Network Security Platform (IntruShield) Includes coverage for “Microsoft Server Service Remote Code Execution Vulnerability" McAfee Network Access Control (NAC) Identifies nodes that have not been patched and denies them access to the network unless they are updated McAfee Vulnerability Manager (VM) Includes coverage for MS08-067. Identifies machines vulnerable to infection by Conficker as well as machines infected by Conficker C McAfee Web Gateway (formerly Webwasher) Includes signature to detect and block the worm at the gateway McAfee Conficker Detection Tool Identifies machines infected by Conficker.C [/QUOTE]
Insert quotes…
Verification
Asuwa dahayen wadi kalama keeyada?
Post reply
Top
Bottom