Microsoft steps on Conficker worm
Tuesday, September 15, 2009
Using virus protection features already in place for the upcoming release of Windows 7, Microsoft retroactively applied security fixes to its older operating systems yesterday in order to help stop the spread of the Conficker worm.
The worm, which can be used to remotely access infected computers, copies itself to any USB storage devices connected to an infected machine. Microsoft's fix alters Windows' "autoplay" functionality so that the worm does not spread automatically if an infected USB device is connected to an uninfected computer.
The fix must be downloaded manually from Microsoft's website, and will not be automatically installed by Windows Update or other automatic update services. The Conficker worm propagates via network shares as well as USB storage devices, and can lock down an entire network even if only one computer is infected. It does this by attempting to log into every computer on the network and triggering system lockouts after too many failed attempts.
Microsoft had promised the fix as long ago as April but refused to set a definite timeline. The fix was not released until August 25.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
