rss

Tuesday, August 11, 2009

Conficker Worm: Help Protect Windows from Conficker

This page is designed to provide IT Pro customers the information they need to help protect their systems from the Conficker Worm, or to recover systems that have been infected.

If you are a consumer, please visit Protect Yourself from the Conficker Computer Worm.

About Conficker

On October 23, 2008, Microsoft released a critical security update, MS08-067, to resolve a vulnerability in the Server service of Windows that, at the time of release, was facing targeted, limited attack. The vulnerability could allow an anonymous attacker to successfully take full control of a vulnerable system through a network-based attack, the sort of vectors typically associated with network "worms." Since the release of MS08-067, the Microsoft Malware Protection Center (MMPC) has identified the following variants of Win32/Conficker:

*Also known as Conficker B++
**Also known as Conficker.C and Downadup.C

Protecting PCs from Conficker

  1. Apply the security update associated with MS08-067. View the security bulletin for more information about the vulnerability, affected software, detection and deployment tools and guidance, and security update deployment information.
  2. Make sure you are running up-to-date antivirus software from a trusted vendor, such as Microsoft's Forefront Client Security or Windows Live OneCare. Antivirus software may also be obtained from trusted third parties such as the members of the Virus Information Alliance.
  3. Check for updated protections for security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. The Microsoft Active Protection Program (MAPP) provides partners with early access to Microsoft vulnerability information. For a list of partners and links to their active protections, please visit the MAPP Partners page.
  4. Isolate legacy systems using the methods outlined in the Microsoft Windows NT 4.0 and Windows 98 Threat Mitigation Guide.
  5. Implement strong passwords as outlined in the Creating a Strong Password Policy whitepaper.
  6. Disable the AutoPlay feature through the registry or using Group Policies as discussed in Microsoft Knowledge Base Article 967715. Microsoft released Security Advisory 967940 to notify users that the updates to allow users to disable AutoPlay/AutoRun capabilities have been deployed via automatic updating channels.
    NOTE: Windows 2000, Windows XP, and Windows Server 2003 customers must deploy the update associated with Microsoft Knowledge Base Article 967715 to be able to successfully disable the AutoRun feature. Windows Vista and Windows Server 2008 customers must deploy the security update associated with Microsoft Security Bulletin MS08-038 to be able to successfully disable the AutoRun feature.

Cleaning Systems of Conficker

Manually download the Windows Malicious Software Removal Tool (MSRT) onto uninfected PCs and deploy to infected PCs to clean infected systems.

Conficker Timeline

0 comments:


Post a Comment