C++ Heaven


Virus: Win32/Conficker.B Worm

Virus, oh virus, why do you attack computers?
Did you think only humans could be attacked by worms?

Please be informed that a worm of the type Win32/Conficker.B has been found and
is attacking Win32 systems. Cyber cafe owners need to be careful, because this virus can attack other computers over the network.

You are advised to:

1. Apply all the latest Microsoft security updates on every computer (for anyone using a cracked copy of Windows, I take no responsibility)
2. Update all antivirus applications
3. Enable the firewall
4. Run an antivirus scan on the system

Excerpt taken from Hospital Taiping:
*Win32/Conficker.B attacks!*

We can only assume the malware authors behind the Win32/Conficker.B worm
wanted to make sure 2008 went out with a bang! As the final days of last
year ticked by, reports of active attacks by the Win32/Conficker.B worm
began to accelerate.

Win32/Conficker variants are known to exploit
MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx),
a vulnerability in Windows Server Service. Conficker is also hard to
remove from affected systems because it utilizes the Access Control List
to lock the malware executable in the system.

Below are some of the noteworthy behaviors for this variant:

* Blocks access to security related websites containing the following
strings:

computerassociates
networkassociates
etrust
panda
sophos
trendmicro
mcafee
norton
symantec
microsoft

For a complete list, please see the Win32/Conficker.B description in our
Virus Encyclopedia:
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=76852

* Uses a dictionary attack to try to gain access to network shares
(ADMIN$). If successful, Conficker.B drops a copy of itself in the
ADMIN$\system32 directory and creates a scheduled job to execute the
malware copy.

Below you can see the specific malware code which executes this behavior:

[Image: screenshot not available]

* Sends malformed packet to available vulnerable targets. The packet
contains the IP address of the attacker system, while Conficker.A's
malformed packet downloads from http://trafficconverter.biz.

Below is a screen capture of the decrypted packet of Conficker.B:

[Image: screenshot not available]

Note the visible local IP address and port - this is where the malware
hosts its executable.

A second screen capture, below, shows the malformed packet downloading
Win32/Conficker.B from the source.

[Image: screenshot not available]

In order to protect your systems from Win32/Conficker.B, please make
sure you:

1. Patch all your systems with the latest Microsoft security updates.
2. Keep strong passwords for administrator accounts.
3. Have the latest signature updates for your security software.

Credit to Hospital Taiping
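
The ADMIN$ behaviour described in the excerpt above (password guessing, a copy written to ADMIN$\system32, then a scheduled job) leaves a recognizable sequence in logon and file-share audit logs. The following Python is an added example, not part of the original post or the quoted advisory; the four event types, the field layout, the thresholds, and all hosts, times and file names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (time, event type, source IP, target host, detail).
# Assumption: Windows audit records were already normalized to these four types.
SAMPLE_EVENTS = (
    [(f"2009-01-09 02:14:{s:02d}", "logon_failure", "10.0.0.23", "PC-07", "administrator")
     for s in range(0, 12, 2)]  # six rapid password guesses
    + [
        ("2009-01-09 02:14:15", "logon_success", "10.0.0.23", "PC-07", "administrator"),
        ("2009-01-09 02:14:17", "share_write", "10.0.0.23", "PC-07", r"ADMIN$\system32\sample.bin"),
        ("2009-01-09 02:14:20", "job_created", "10.0.0.23", "PC-07", "sample-job"),
        # One mistyped password, then routine admin work: must not alert.
        ("2009-01-09 09:00:00", "logon_failure", "10.0.0.40", "PC-02", "administrator"),
        ("2009-01-09 09:00:20", "logon_success", "10.0.0.40", "PC-02", "administrator"),
        ("2009-01-09 09:01:00", "job_created", "10.0.0.40", "PC-02", "backup-job"),
    ]
)

def detect_admin_share_spread(events, min_failures=5, window=timedelta(minutes=10)):
    """Return sorted (source, target) pairs where a burst of failed logons is followed
    by a success, a write under ADMIN$\\system32 and a scheduled job, within `window`."""
    by_pair = defaultdict(list)
    for ts, kind, src, dst, detail in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_pair[(src, dst)].append((when, kind, detail))
    hits = []
    for pair, recs in by_pair.items():
        recs.sort()
        failures, guessed_at, wrote, job = [], None, False, False
        for when, kind, detail in recs:
            if guessed_at is not None and when - guessed_at > window:
                guessed_at, wrote, job = None, False, False  # chain expired
            if kind == "logon_failure":
                failures.append(when)
            elif kind == "logon_success":
                # Only a success that ends a burst of failures starts a chain.
                recent = [t for t in failures if when - t <= window]
                guessed_at = when if len(recent) >= min_failures else None
                failures = []
            elif guessed_at is not None and kind == "share_write":
                wrote = wrote or detail.lower().startswith("admin$\\system32\\")
            elif guessed_at is not None and kind == "job_created":
                job = True
            if wrote and job:
                hits.append(pair)
                break
    return sorted(hits)
```

Requiring the full chain keeps a single mistyped administrator password from alerting; a burst of failures with no later success is still worth reviewing separately as password guessing.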
