NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
Conflicker Worm - April Fools Day Likely To Make Fools Out Of Us Either Way
The "Conflicker" worm is set to trigger on April 1st. This one is certainly getting a lot of press. If it goes off and causes a lot of harm everyone will look like fools for not taking it seriously. But if everyone spends tons of additional time and effort on detection and prevention and nothing happens you'll still look foolish. We've included links to basic prevention and removal information below.No Longer Supported
What makes Conflicker more of a threat than many worms is that it does a fairly effective job of hiding its self from the most common antivirus programs and prevents computers from contacting antivirus websites. Once infected users will most likely be prevented from getting antivirus updates that might detect Conflicker. Prevention is key.

Here is what you can do to greatly lessen the threat from Conflicker:
  • Make sure your computer has MS Security Update MS08-067 applied. Going to Windows Update and installing everything available under the "Express" button should take care of it.
  • Ensure that your antivirus program is up to date and that the definition (or signature) files have been downloaded and applied.
  • If you have host based intrusion detection software (such as ZoneAlarm or Cisco Security Agent) make sure that its working and up to date. You can download the free ZoneAlarm version here. (Cisco Security Research and Operations has tested Cisco Security Agent (CSA) to verify that it prevents the malicious actions initiated by the worm and also active exploitation of the Microsoft Windows Server service RPC request handling code execution vulnerability. As a result, attempts to infects systems and to propagate using this method by the worm are mitigated. Based on the characteristics of the vulnerability, Cisco expects that Cisco Security Agent will prevent other similar exploitation attempts as well.)
  • Make sure you use strong Windows passwords on any administrator accounts. The worm tries to brute force admin passwords. Make sure you have a good password that includes numbers, special characters, and a mixture of upper and lower case letters.
  • Disable the Windows Autorun feature. US-CERT.GOV has instructions and links on how to do this. Correctly disabling Autorun blocks one of the methods Conflicker uses to spread and prevents several other worms from infecting your computer as well.


If you suspect a computer is infected with Conflicker run one or more of the removal tools (you can find a list at the SANS.ORG link below. One of the free online malware scanning tools should also be able to remove it. These have the advantage of being able to remove any other malware that may be on your computer or that Conflicker installed for you. If you do not have an up to date anti-virus program installed now is the time to install one, there are even some very good free anti-virus / anti-spyware programs available.

Microsoft Conflicker Information http://www.microsoft.com/conficker

The good people at SANS have done an excellent job of putting together a list of sites providing information and removal tools related to the Conflicker worm, you can find it at http://isc.sans.org/conficker.

SANS article: "April 1st - What Will Really Happen?"

F-Secure Questions and Answers: Conficker and April 1st

Conflicker Mainstream Media Reports - Frequently updated information but from a consumer news perspective.


Share or Bookmark this Article Using:
| furl | reddit | del.icio.us | magnoliacom | digg | newsvine | stumble it |



Posted by NIST.org on Monday 30 March 2009 - 21:21:27 | |printer friendly
Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-1999-0098 (appleshare, mercury_mail_server, slmail)
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
»CVE-1999-0725 (internet_information_server)
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker ...
»CVE-1999-1015 (appleshare_mail_server)
Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attac ...
»CVE-2000-1090 (internet_information_server)
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for pars ...
»CVE-2001-0198 (quicktime)
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbit ...
»CVE-2001-0240 (word)
Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the ...
»CVE-2002-1143 (excel, word)
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field cod ...
»CVE-2002-2132 (windows_2000, windows_xp)
Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files ...
»CVE-2003-0122 (lotus_domino, lotus_notes_client)
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote ...
»CVE-2003-0123 (lotus_domino, lotus_notes_client)
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicio ...
»CVE-2003-0664 (word, works)
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, w ...
»CVE-2006-1540 (office)
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers t ...
»CVE-2006-3647 (office)
Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote use ...
»CVE-2006-5331 (linux_kernel)
The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before ...
»CVE-2007-1765 (definity_one_media_server, ie, ip600_media_servers, s3400, s8100, windows_2000, windows_2003_server, windows_vista, windows_xp)
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to exe ...


Date published: 2017-11-22T19:00:10Z
Details

»Intel Firmware Vulnerability
Original release date: November 21, 2017 Intel has released recommendations to address vulner ...
»Symantec Releases Security Update
Original release date: November 21, 2017 Symantec has released an update to address a vulnera ...
»Windows ASLR Vulnerability
Original release date: November 20, 2017 The CERT Coordination Center (CERT/CC) has released ...
»Holiday Scams and Malware Campaigns
Original release date: November 16, 2017 | Last revised: November 17, 2017 US-CERT reminds us ...
»Oracle Releases Security Alert
Original release date: November 16, 2017 Oracle has released a security alert to address mult ...
»Cisco Releases Security Update
Original release date: November 15, 2017 Cisco has released a security update to address a vu ...
»Mozilla Releases Security Updates
Original release date: November 14, 2017 Mozilla has released security updates to address mul ...
»Microsoft Releases November 2017 Security Updates
Original release date: November 14, 2017 Microsoft has released updates to address vulnerabil ...
»Adobe Releases Security Updates
Original release date: November 14, 2017 Adobe has released security updates to address vulne ...
»Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
Original release date: November 09, 2017 Microsoft has released an advisory that provides gui ...


Date published: not known
Details

»VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale
At VB2017 in Madrid, Cisco Umbrella (OpenDNS) researchers Dhia Mahj ...
»Firefox 59 to make it a lot harder to use data URIs in phishing attacks
Firefox developer Mozilla has announced that, as of version 59 of t ...
»Standalone product test: FireEye Endpoint
Virus Bulletin ran a standalone test on FireEye's Endpoint Security ...
»VB2017 video: Consequences of bad security in health care
Jelena Milosevic, a nurse with a passion for IT security, is unique ...
»Vulnerabilities play only a tiny role in the security risks that come with mobile phones
Both bad news (all devices were pwnd) and good news (pwning is incr ...
»VB2017 paper: The (testing) world turned upside down
At VB2017 in Madrid, industry veteran and ESET Senior Research Fell ...
»VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel
Trickbot, a banking trojan which appeared this year, seems to be a ...
»Paper: FAME - Friendly Malware Analysis Framework
Today, we publish a short paper in which CERT Société Générale pres ...
»Ebury and Mayhem server malware families still active
Ebury and Mayhem, two families of Linux server malware, about which ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» Intel Firmware Vulnerability
[21 Nov 2017 09:02am]

» Symantec Releases Security Update
[21 Nov 2017 05:40am]

» Windows ASLR Vulnerability
[20 Nov 2017 08:57am]

» Holiday Scams and Malware Campaigns
[16 Nov 2017 06:41pm]

» Oracle Releases Security Alert
[16 Nov 2017 02:39pm]

» Cisco Releases Security Update
[15 Nov 2017 10:24am]

» Mozilla Releases Security Updates
[14 Nov 2017 01:36pm]

» Microsoft Releases November 2017 Security Updates
[14 Nov 2017 11:50am]

» Adobe Releases Security Updates
[14 Nov 2017 10:41am]

» Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
[09 Nov 2017 01:19pm]

***
US-CERT Alerts

» TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer
[14 Nov 2017 12:00pm]

» TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL
[14 Nov 2017 11:09am]

» TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors
[20 Oct 2017 04:50pm]

» TA17-181A: Petya Ransomware
[30 Jun 2017 11:41pm]

» TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
[13 Jun 2017 09:45am]

» TA17-163A: CrashOverride Malware
[12 Jun 2017 03:44pm]

» TA17-156A: Reducing the Risk of SNMP Abuse
[05 Jun 2017 06:11pm]

» TA17-132A: Indicators Associated With WannaCry Ransomware
[12 May 2017 07:36pm]

» TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors
[27 Apr 2017 04:50pm]

» TA17-075A: HTTPS Interception Weakens TLS Security
[16 Mar 2017 06:40am]

***
Computerworld Security

» The best mobile threat defense is mobile threat detection
[22 Nov 2017 04:34am]

» Symphony targets collaboration users outside financial services
[20 Nov 2017 12:03pm]

» Matrix Banker malware spreads to multiple industries | Salted Hash Ep 7
[20 Nov 2017 07:00am]

» Strong and stable: The iOS security guide
[17 Nov 2017 09:36am]

» Patch alert: Microsoft acknowledges printer bug; forced 1709 upgrades continue
[17 Nov 2017 07:06am]

» Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans
[15 Nov 2017 11:52am]

» 11% off August Smart Lock Pro With Connect Bundle - Deal Alert
[15 Nov 2017 07:46am]

» Lock it down: The macOS security guide
[15 Nov 2017 07:11am]

» ‘Hey Siri, buy $100 Bitcoin for the burglar guy’
[14 Nov 2017 07:08am]

» Ransomware marketplaces and the future of malware | Salted Hash Ep 6
[13 Nov 2017 05:00am]

» The top 5 problems with blockchain
[10 Nov 2017 04:11am]

» Mingis on Tech: The iPhone X – best phone for business, or best phone ever?
[09 Nov 2017 03:15pm]

» Android security audit: An 11-step checklist
[09 Nov 2017 10:36am]

» 15% off APC 11-Outlet Surge Protector with USB Charging Ports and SurgeArrest - Deal Alert
[08 Nov 2017 06:35am]

» What is blockchain? The most disruptive tech in decades
[07 Nov 2017 06:06pm]

***
Microsoft Security Advisories

» 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 1.0
[08 Nov 2017 11:00am]

» 4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
[08 Aug 2017 11:00am]

» 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
[27 Jun 2017 11:00am]

» 4025685 - Guidance related to June 2017 security update release - Version: 1.0
[13 Jun 2017 11:00am]

» 4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
[12 May 2017 11:00am]

» 4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
[12 May 2017 11:00am]

» 4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege - Version: 1.1
[10 May 2017 11:00am]

» 4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0
[09 May 2017 11:00am]

» 3123479 - SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[14 Mar 2017 11:00am]

» 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0
[27 Jan 2017 11:00am]

» 3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0
[10 Jan 2017 11:00am]

» 3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
[13 Sep 2016 11:00am]

» 3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
[13 Sep 2016 11:00am]

» 3179528 - Update for Kernel Mode Blacklist - Version: 1.0
[09 Aug 2016 11:00am]

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

***
Security Latest

» 'Vapor Wake' Explosive-Sniffing Dogs Help Protect the Thanksgiving Day Parade
[22 Nov 2017 09:05am]

» The US Global Engagement Center's Fight Against Russian Propaganda Has Barely Started
[22 Nov 2017 04:00am]

» Uber Hid 57-Million User Data Breach For Over a Year
[21 Nov 2017 05:56pm]

» Feds Indict Iranian for HBO Hack—But Extradition Isn't Likely
[21 Nov 2017 12:47pm]

» Artificial Intelligence Can Hunt Down Missile Sites in China Hundreds of Times Faster Than Humans
[21 Nov 2017 04:00am]

» Intel Management Engine Flaws Leave Millions of PCs Exposed
[20 Nov 2017 09:10pm]

» Stopping Robocalls Will Soon Be Easier Than Ever
[20 Nov 2017 02:27pm]

» The Pentagon Left Data Exposed in the Cloud
[18 Nov 2017 07:00am]

» Everything Attorney General Jeff Sessions Has Forgotten Under Oath
[17 Nov 2017 10:03am]

» Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera
[16 Nov 2017 05:00am]

» The Vulnerabilities Equities Process Still Has Issues Even After Added Transparency
[15 Nov 2017 05:33pm]

» OnePlus Phones Have an Unfortunate Backdoor Built In
[14 Nov 2017 02:57pm]

» How to Lock Down Your Facebook Privacy Settings
[14 Nov 2017 07:10am]

» Inside the Decades-Long Fight for Better Emergency Alerts
[14 Nov 2017 06:00am]

» Watch a 10-Year-Old Beat Apple's Face ID on His Mom's iPhone X
[14 Nov 2017 05:00am]

***
Network World Security

» Docs should help design medical IoT
[17 Nov 2017 05:04am]

» 11% off August Smart Lock Pro With Connect Bundle - Deal Alert
[15 Nov 2017 07:46am]

» Forrester predicts what’s next for IoT
[14 Nov 2017 08:17am]

» What to consider when deploying a next-generation firewall
[08 Nov 2017 11:51am]

» 7 free tools every network needs
[15 Aug 2017 01:52pm]

» Gravityscan, keeping WordPress sites safe
[24 May 2017 02:34pm]

» Network monitoring tools: Features users love and hate
[01 May 2017 04:51am]

» Book Review: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
[27 Apr 2017 12:45pm]

» Fight firewall sprawl with AlgoSec, Tufin, Skybox suites
[10 Apr 2017 04:32am]

» Review: Canary Flex security camera lives up to its name
[24 Mar 2017 07:01am]

» Zix wins 5-vendor email encryption shootout
[13 Mar 2017 04:00am]

» Review: vArmour flips security on its head
[06 Mar 2017 03:50am]

» 5 open source security tools too good to ignore
[21 Feb 2017 07:12am]

» Matrix Banker malware spreads to multiple industries | Salted Hash Ep 7
[20 Nov 2017 07:00am]

» 11% off August Smart Lock Pro With Connect Bundle - Deal Alert
[15 Nov 2017 07:46am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}