Virus Conficker / W32.Downadup.B
Written by pnyet   
Page 1 of 7
W32.Downadup.B is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874). It also attempts to spread to network shares protected by weak passwords and blocks access to security-related Web sites.
Discovered: December 30, 2008
Updated: December 31, 2008 9:58:37 AM
Also Known As: Worm:W32/Downadup.AL [F-Secure], Win32/Conficker.B [Computer Associates], W32/Confick-D [Sophos], WORM_DOWNAD.AD [Trend]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
CVE References: CVE-2008-4250
 
Note: After reviewing W32.Downadup.B, Symantec recommends reviewing details of W32.Downadup and W32.Downadup!autorun as well.

Further Reading:
To find out more about W32.Downadup, please read the Symantec Security Response blog entries:
  • W32.Downadup Infection Statistics
  • New Variants of W32.Downadup.B Find New Ways to Propagate
  • W32.Downadup.A and W32.Downadup.B Statistics
  • Downadup: Peer-to-Peer Payload Distribution
  • Downadup: Geo-location, Fingerprinting, and Piracy
  • Downadup: A Lock with No Key

Protection

  • Initial Rapid Release version December 30, 2008 revision 021
  • Latest Rapid Release version January 6, 2009 revision 009
  • Initial Daily Certified version December 30, 2008 revision 024
  • Latest Daily Certified version January 20, 2009 revision 048
  • Initial Weekly Certified release date December 31, 2008

Threat Assessment

Wild

  • Wild Level: Medium
  • Number of Infections: 1000+
  • Number of Sites: 10+
  • Geographical Distribution: Medium
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: Medium
  • Modifies Files: Modifies the tcpip.sys file.

Distribution

  • Distribution Level: Medium
  • Shared Drives: Attempts to spread to network shares protected by weak passwords.
  • Target of Infection: Spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874)

<< Start < Prev 1 2 3 4 5 6 7 Next > End >>
 
[ Back ]

Yahoo Chatt

Blogroll

Dhanuxe
fl3xu5
Kamas Muhammad
Irving Nazmi
Masterpop3
Melwin
Ozie
P. Nanang Sg.
Pataka
Republik Blogger
Yogie
Yusuf Hadiwinata
Vavai

Community

CentOS ID
ECHO
Forum Linux
Kecoak Elektronik
Linux Questions
OS Commerce's Forum
Security Focus
Zimbra ID

Security Advisories

ECHO
IPSecs
Milw0rm
mod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_countermod_vvisit_counter
mod_vvisit_counterToday235
mod_vvisit_counterYesterday223
mod_vvisit_counterThis week458
mod_vvisit_counterThis month4671
mod_vvisit_counterAll289409

My Google Page Rank

My Google Page Rank