Got this from Microsoft and decided it would be good to share this with you.
Based on feedback from MVPs and other sources, we are concerned about the rise in reported infections due to the worm Win32/Conficker.B also known as “Downadup.” Though systems which have already applied the out-of-band released MS08-067 in October 2008 are protected, unpatched system users have experienced system lockout and other problems.
Last week, we released a version of the Malicious Software Removal Tool (MSRT) that can help remove variants of Win32/Conficker and other resources. Please share this information in your communities to help address this threat.
Win32/Conficker.B exploits a vulnerability in the Windows Server service (SVCHOST.EXE) for Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows 2008. While Microsoft addressed this issue in October with Microsoft Security Bulletin MS08-067, and Forefront antivirus and OneCare (as well as other vendors’ anti-virus products) helped protect against infections, many systems that have not been patched manually through Server Update Services and Microsoft/Windows Update or through Automatic Updates have recently come under attack by this worm. Attacked systems may lock out users, disable our update services and block access to security-related Web sites:
In response to this threat, Microsoft has:
· Updated the January version of the MSRT to detect and remove variants of Win32/Conficker.B. You can download this version of the MSRT from either the Microsoft Update site or through its associated Knowledge Base article.
· Created the KB article 962007 “Virus alert about the Win32/Conficker.B worm” to provide public details on the symptoms and removal methods available to address this issue.
· Announced the release of the items and the virus threat itself on the Microsoft Malware Protection Center blog.
It is our hope that these resources can assist you in resolving issues with unpatched, infected systems and that you can apply MS08-067 to any other unpatched systems as soon as possible to avoid this threat.
6 Comments
According to http://www.downadup.com – a guide to removing this virus – it’s also important to disable AutoStart; a whole new infection vector is through USB drives.
Did Downadup/Conficker attack your network? I’ve created a batch file for system administrators to clean/patch/cure infected systems in their networks.
Check it out here:
http://extremesecurity.blogspot.com/2009/01/beat-downadupconficker-like-pro-my.html
I appreciate any sensible person will want to patch their machine, but why not start out with one that does not need to be patched in the first place?
If you use Linux, you’ll never have to patch, because if you choose correctly, one like Ubuntu Intrepid Ibex, it’s done for you automatically, and it’s easier than Windows to install and FREE!
Charles Norrie, if you had automatic updates turned on then you would also be safe on Windows, since this was pushed out already in October or November of last year.
Dear Mr SQLDenis,
Unfortunately Conficker seems to be able to subvert the automatic update process to its own purposes and there’s a battle royal between Redmond and US CERT about whether to switch it off or not.
It’s not for me to judge that outcome, but if it turns out it’s necessary to turn off Autoupdate, there’s going to have to be a lot of manual work.
Norton has a patch for it, but then you’ve got to get into safe mode and make some changes manually.