How to fight the Conficker worm
  Add date: 05/06/2009   Publishing date: 05/06/2009   Hits: 11

There has been a resurgence in the Conficker worm (also known as Downadup) that we first saw in November. This is probably due to the malware authors adding some new propagation methods such as spreading via USB flash drives and Windows file-sharing.

These techniques make the worm hard to remove from a network, because a single computer left unpatched against the Microsoft MS08-067 security vulnerability is able to reinfect the whole network via file shares.

Obviously the best thing you can do is make sure that Microsoft’s patch is in place on every vulnerable computer on your network. In addition, you should ensure that your anti-virus software is up-to-date and that HIPS and Buffer Overflow Protection (BOPS) are enabled, as they can prevent the initial exploit that causes a network to become infected.

But what can you do if you can’t patch a computer with Microsoft’s patch for some reason?

The advice is to block all incoming and outgoing traffic on port 445 from those computers to ensure that (a) they aren’t hit with exploits from the internet and (b) if they somehow are exploited, they aren’t able to infect the rest of the network via file shares.

Furthermore, if you have a group policy in place to lock out accounts after too many unsuccessful login attempts, the worm will probably cause many of these accounts to become locked out during the worm’s password-cracking attempts. This can obviously be annoying, but at the same time it is a good indicator that you may have an infected computer on the network.

In addition, it’s not possible to emphasise enough the importance of using sensible passwords on your network.

Not just on the areas of your network that you don’t want your users to traipse through, but also on the default network shares that are present on installations of commonly used operating systems like Windows NT/2000/XP/2003.

One of the ways the Conficker worm (also known as Confick or Downadup) spreads is by trying to batter its way into ADMIN$ shares using a long list of different passwords. It relies upon computers using poorly chosen passwords such as dictionary words, “password”, “qwerty”, sequences of letters or repeated numbers.

One way to make it harder for password-cracking malware like Conficker to spread across your network is to ensure that no-one is using a poorly chosen password.

And, of course, don’t delay installing the critical security patch that Microsoft issued late last year.
