See link for information
http://www.bleepingcomputer.com/forums/topic195364.html
zep516
Also see the additional information Harry posted at his blog: http://msmvps.com/blogs/harrywaldron/archive/2009/01/15/avert-labs-conficker-worm-using-metasploit-payload-to-spread.aspx
And here is a link to read,
http://www.windowssecrets.com/2007/11/08/02-One-quick-trick-prevents-Autorun-attacks
zep
More news about this issue here:
http://news.bbc.co.uk/2/hi/technology/7832652.stm
What the heck, I'll join the party with this offering from the UK Government's "Centre for the Protection of National Infrastructure".
Quote: The vulnerability addressed in MS08-067 continues to be exploited by the Downadup / Conficker (and variants) worm. This advisory acts as a reminder for continued caution.
CPNI are aware of continuing infections of the Downadup / Conficker worm. CSIRTUK advise extra vigilance at this time and recommend consulting the advice provided on the following websites:
There then follows a list of links.
http://www.cpni.gov.uk/Products/alerts/3747.aspx
Update:
http://news.bbc.co.uk/2/hi/technology/7832652.stm
http://www.f-secure.com/weblog/archives/00001588.html
http://www.f-secure.com/weblog/archives/00001582.html
http://www.f-secure.com/weblog/archives/00001586.html
http://news.bbc.co.uk/2/hi/technology/7842013.stm
I didn't read every single article here, but it seems that Windows users are being directed to get this critical update:
KB958644
When I checked my update logs, it seems this update went out in October. This is the date my system was patched:
Friday October 24
Security Update for Windows XP (KB958644)
So is this a continuation of the same warning, or is there a new threat?
It just goes to show how many people did not get the Windows patch, even when it was a special patch that was put out with much publicity and warnings, as an out-of-band patch.
I even saw TV news broadcasts emphasizing the importance of getting that patch back when it came out.
Quote from: pastywhitegurl on January 21, 2009, 03:37:42 PM
I didn't read every single article here, but it seems that Windows users are being directed to get this critical update:
KB958644
When I checked my update logs, it seems this update went out in October. This is the date my system was patched:
Friday October 24
Security Update for Windows XP (KB958644)
So is this a continuation of the same warning, or is there a new threat?
Yes, the patch did go out in October and we are now seeing an attack that tries to exploit the vulnerability that that patch closed. Many users, particularly Corporate users, do not use the auto-update feature for fear of the impact that Microsoft's patches may have on their networks - they like to be able to check that the applications that they use are not affected by the patch before they apply it. Those types of users, if they didn't install MS08-067, are particularly vulnerable to this threat. As a home user with the auto-update enabled you should not be under threat if you practice safe computing.
January 22, 2009: MS08-067 Conficker Worm Update
Microsoft Malware Protection Center has published a Threat Research and Response Blog that centralizes Microsoft's guidance.
Centralized Information About The Conficker Worm
Since the time Microsoft released security update MS08-067, we have released information about MS08-067 exploits and specifically about the Conficker worm in our malware encyclopedia and in multiple blog posts, for example here. This blog provides a summary of the available information Microsoft has provided on the Conficker worm and the vulnerability it exploits, which Microsoft addressed with MS08-067.
First, we outline the various attack vectors because it's important for customers to understand that the Conficker worm utilizes a variety of attack vectors to infect machines. Based on this analysis we follow up with guidance for what customers can do to protect themselves. The first and most important piece of guidance is to immediately deploy the security update associated with Microsoft Security Bulletin MS08-067, if you haven't already. However, because this worm utilizes a number of additional vectors of attack we provide additional information and guidance to help you build a defense in depth approach. Finally, we close with information and pointers to how to clean up your machine using the Microsoft Malicious Software Removal Tool.
http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx