Welcome to WebmasterWorld Guest from

Forum Moderators: bill

Message Too Old, No Replies

Win32/Conficker.A Worm Continues To Exploit UnPatched Machines

12:55 pm on Nov 27, 2008 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
votes: 588

Win32/Conficker.A Worm Continues To [news.cnet.com]Exploit UnPatched Machines
A worm dubbed Win32/Conficker.A is making the rounds on Windows machines, exploiting a security hole that Microsoft released a patch for in October, Microsoft said on Wednesday.

The number of attacks have increased over the past couple of days, exploiting a critical vulnerability that was addressed by security update MS08-067.

"It opens a random port between port 1024 and 10000 and acts like a Web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll," the posting said.

"It is also interesting to note that the worm patches the vulnerable API in memory so the machine will not be vulnerable anymore. It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too," Microsoft said.

1:07 am on Nov 28, 2008 (gmt 0)

Administrator from JP 

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 12, 2000
votes: 132

It's stuff like this that has me changing my mind about Automatic Updates from Windows Update. I've starting setting machines that I don't have direct access to on a day-to-day basis to automatically download and install updates from MS. I wouldn't do this on my primary machines or servers, but for other machines I haven't run into any problems recently.
1:30 am on Nov 28, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 29, 2006
votes: 0

Often when I have been asked to look at somebody's PC there is a little yellow shield sitting in the system tray saying "Updates are ready for your computer" - I point to it and the owner innocently says "What's that then?".



Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members