US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems

30/03/09, US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems
From: CERT Advisory <cert-advisory@cert.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: cert-advisory@cert.org
Subject: US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems
From: CERT Advisory <cert-advisory@cert.org>
Date: Sun, 29 Mar 2009 21:37:12 -0400
List-archive: <http://www.cert.org/>
List-help: <http://www.cert.org/>, <mailto:Majordomo@cert.org?body=help>
List-owner: <mailto:cert-advisory-owner@cert.org>
List-post: NO (posting not allowed on this list)
List-unsubscribe: <mailto:Majordomo@cert.org?body=unsubscribe%20cert-advisory>
Organization: CERT(R) Coordination Center - +1 412-268-7090

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA09-088A


Conficker Worm Targets Microsoft Windows Systems

   Original release date: March 29, 2009
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows


Overview

   US-CERT is aware of public reports indicating a widespread
   infection of the Conficker worm, which can infect a Microsoft
   Windows system from a thumb drive, a network share, or directly
   across a network if the host is not patched with MS08-067.


I. Description

   The presence of a Conficker infection may be detected if a user is
   unable to surf to the following websites:
   
   * http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
   * http://www.mcafee.com
   
   If a user is unable to reach either of these websites, a Conficker
   infection may be indicated (the most current variant of Conficker
   interferes with queries for these sites, preventing a user from
   visiting them).  If a Conficker infection is suspected, the
   infected system should be removed from the network. Major
   anti-virus vendors and Microsoft have released several free tools
   that can verify the presence of a Conficker infection and remove
   the worm. Instructions for manually removing a Conficker infection
   from a system have been published by Microsoft in
   http://support.microsoft.com/kb/962007.


II. Impact

   A remote, unauthenticated attacker could execute arbitrary code on
   a vulnerable system.


III. Solution

   US-CERT encourages users to prevent a Conficker infection by
   ensuring all systems have the MS08-067 patch (part of Security
   Update KB958644, which was published by Miscrosoft in October
   2008), disabling AutoRun functionality (see
   http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
   maintaining up-to-date anti-virus software.


IV. References

 * Virus alert about the Win32/Conficker.B worm -
   <http://support.microsoft.com/kb/962007>

 * Microsoft Security Bulletin MS08-067 - Critical -
   <http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

 * Microsoft Windows Does Not Disable AutoRun Properly -
   <http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

 * MS08-067: Vulnerability in Server service could allow remote code
   execution -
   <http://support.microsoft.com/kb/958644>

 * The Conficker Worm -
   <http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

 * W32/Conficker.worm -
   <http://us.mcafee.com/root/campaign.asp?cid=54857>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA09-088A Feedback VU#827267" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2009 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
  
  March 29, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSdAg4XIHljM+H4irAQJ16Af9G3xHegmJB2Nx9u6J3kl8un/2Tz5J40sr
DW/GTU0rvHtXDg/2Xs3Gv2IHYWqBRWG6HjZ1FbuTWbBqHvlWk0QVrjeeihNeXElP
hp+ZRN6y+tHDCPRz1XT2YLE3zDldLv4v2c9YmsIEVdICiQZYe6Y/ECKNDWXcUzNt
EweRdI6/ZsAnyfZU24TxESH0L2/vQ4Qb3bRReCcVK4SWhno4cewsiiM5eAXs2EOP
VcSH6UnEE2V/841IHcCV9i5NM7aO2VDvh1lolsr/HvpWROThKslLX/FO2nIdA78d
ktvdaddRdHhJAWOkErlT8cj3nGXj0g2H1HQcDK8Nua/gEc2zOfog/Q==
=sk7E
-----END PGP SIGNATURE-----

Previous message sorted by date: US-CERT Technical Cyber Security Alert TA09-069A -- Microsoft Updates for Multiple Vulnerabilities
Next message sorted by date: US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems
Previous message sorted by thread: US-CERT Technical Cyber Security Alert TA09-069A -- Microsoft Updates for Multiple Vulnerabilities
Next message by thread: US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jan 2010