Win32/Conficker.B/Downadup infections

Mak 2.0

Mod...WAFFLES!?!?
Staff member
#1
Actions Requested:
Win32/Conficker.B/Downadup infections

Please offer these links and resources to members of your community to help mitigate this threat.

MS08-067
Malicious Software Removal tool
History: Win32/Conficker.B

---------------------------------------------------------------------------

Abstract:
Based on feedback from MVPs and other sources, we are concerned about the rise in reported infections due to the worm Win32/Conficker.B, also known as “Downadup.” Though systems which have already applied the out-of-band released MS08-067 in October 2008 are protected, unpatched system users have experienced system lockout and other problems.

Last week, we released a version of the Malicious Software Removal tool (MSRT) that can help remove variants of Win32/Conficker and other resources. Please share this information in your communities to help address this threat.

---------------------------------------------------------------------------

Background
Win32/Conficker.B exploits a vulnerability in the Windows Server service (SVCHOST.EXE) for Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows 2008. While Microsoft addressed this issue in October with Microsoft Security Bulletin MS08-067, and Forefront antivirus and OneCare (as well as other vendors’ anti-virus products) helped protect against infections, many systems that have not been patched manually through Server Update Services and Microsoft/Windows Update or through Automatic Updates have recently come under attack by this worm. Attacked systems may lock out users, disable our update services and block access to security-related Web sites:

In response to this threat, Microsoft has:

· Updated the January version of the MSRT to detect and remove variants of Win32/Conficker.B. You can download this version of the MSRT from either the Microsoft Update site or through its associated Knowledge Base article.

· Created the KB article 962007 “Virus alert about the Win32/Conficker.B worm” to provide public details on the symptoms and removal methods available to address this issue.

· Announced the release of the items and the virus threat itself on the Microsoft Malware Protection Center blog.

It is our hope that these resources can assist you in resolving issues with unpatched, infected systems and that you can apply MS08-067 to any other unpatched systems as soon as possible to avoid this threat.

Source: In House
 

Mak 2.0

Mod...WAFFLES!?!?
Staff member
#3
Not a problem. Got the email and was told to share it with the community. So I did. :smile:
 
#4
Thanks for the links, Mak. :smile:
I have applied the update, and installed the MSRT, so I should be protected now...at least from that particular threat. :wink:

-Coolname007
 

JustinW

Super Moderator
Staff member
#5
What a perfect time to remind everyone that updates are incredibly important. Anytime someone nay-says about how the update process takes 5-10 minutes every month I tell them "well would you rather be wide-open (basically) because of your stupidity?"

So don't let it happen to you. If you're lazy do yourself a favor and at least have automatic updates enabled. You'll thank yourself later.
 
#6
Well...I installed it on XP, but now I'm trying to install it on Vista, as well, on the same computer, but unfortunately it seems they only have a version of the security update for Vista SP1, and not for SP2 Beta, which is the version of Vista I have currently installed. :x So I hope this means then that the update was already included in the SP2 beta! :wink: And also, does anyone know if the fix has been incorporated in Win 7, as I'm about to install that, and I want my computer to be protected on all sides? And if it is not included in Win 7, does anyone know how one could fix the issue on the Win 7 platform?

-Coolname007
 

mqudsi

Mostly Harmless
Staff member
#7
It's not included in SP2 beta, because the bug wasn't out when it was released.

Use Windows Update.
 
#8
It's not included in SP2 beta, because the bug wasn't out when it was released.
But using that logic, then...there shouldn't even be support for it in SP1 of Vista either, since it was released before the bug was out, as well! :brows:
Use Windows Update.
Thanks for the suggestion, but I tried Windows Update a couple minutes after reading your message last night, but the only update it found and installed was some update for Word...:wink:

Any other suggestions?

Thanks Guru for the support.

-Coolname007
 

mqudsi

Mostly Harmless
Staff member
#9
I guess I wasn't too clear. What I meant was, the patch isn't already included in SP2 beta nor in SP1 because they were released before the bug went out - not that there isn't an update for SP2 beta because of that.

If I had to guess, I'd say that MS blocked applying the patch to SP2 beta by accident.
 
#10
I guess I wasn't too clear. What I meant was, the patch isn't already included in SP2 beta nor in SP1 because they were released before the bug went out - not that there isn't an update for SP2 beta because of that.

If I had to guess, I'd say that MS blocked applying the patch to SP2 beta by accident.
Alright...so I guess that means then that the security update that Mak mentioned can't be applied to Vista SP2 beta? :frowning: That sucks...

Any other ideas on how to fix that security leak on SP2 Beta, then?

-Coolname007
 

mqudsi

Mostly Harmless
Staff member
#11
The traditional way of hacking MS updates is to monitor the %temp% folder for the extracted update contents, modify update.ini to preclude your current setup (SP2's build number vs. the SP1 build number), run the update, then quickly revert update.ini to the old values before it discovers you've played with them.
 

Mak 2.0

Mod...WAFFLES!?!?
Staff member
#12
Microsoft will apply the update to SP2 Beta and release an updated Build. That is why there is no download for those running the Beta.
 

mqudsi

Mostly Harmless
Staff member
#13
That's hardly an excuse not to provide a hotfix to users doing MS a favor and testing their beta in the *here and now* where they might get infected.
 
#14
That's hardly an excuse not to provide a hotfix to users doing MS a favor and testing their beta in the *here and now* where they might get infected.
I agree. :smile: They should already have a version of that security update for Vista SP2 Beta, and not simply claim that "it will be included in the next beta release of Vista"... :lup:

-Coolname007
 

Mak 2.0

Mod...WAFFLES!?!?
Staff member
#16
That's hardly an excuse not to provide a hotfix to users doing MS a favor and testing their beta in the *here and now* where they might get infected.
At the same time Vista is not as important to patch as XP.

If you read the info XP it is Critical to Patch. Vista it is just considered important. So it could very well be that Vista is not as open to this flaw as XP.

I am not saying that what M$ is doing is right. I was just giving a reason for why it might not be included.

I mean they are not known for all the best moves. Giving the testers of Win7 2 days to get their download before the public.:O
 
#17
I mean they are not known for all the best moves. Giving the testers of Win7 2 days to get their download before the public.:O
Good point! :happy: :happy: :happy:

-Coolname007
 

mqudsi

Mostly Harmless
Staff member
#18
At the same time Vista is not as important to patch as XP.

If you read the info XP it is Critical to Patch. Vista it is just considered important. So it could very well be that Vista is not as open to this flaw as XP.

I am not saying that what M$ is doing is right. I was just giving a reason for why it might not be included.

I mean they are not known for all the best moves. Giving the testers of Win7 2 days to get their download before the public.:O
Actually, according to F-Secure (the antivirus company), it's just as bad on Vista:

Social Engineering Autoplay and Windows 7 - F-Secure Weblog : News from the Lab

And Windows 7, too. :S
 
#19
And Windows 7, too. :S
:S:wtf::scared: So they didn't create a patch for Win 7 either?!! :wtf: What is wrong with Microsoft?!! :wtf: They should have at least included the update in Win 7, if not Vista SP2 Beta...or was Win 7 released before wind of the new bug came out as well?

Even if Win 7 came out before the news of that security leak came, they should have at least patched a version of the update for Win 7 by now...as just think of all the people that recently downloaded and installed the new OS! :wink: If this new bug strikes Win 7 platforms as well, so soon after the release of Win 7, Microsoft is going to have some serious explaining to do to the general public... :glare:

-Coolname007