TA08-297A (other)
CVE-2008-4250 (other)
VU827267 (other)
Win32/Conficker.A (CA)
Mal/Conficker-A (Sophos)
Trojan.Win32.Agent.bccs (Kaspersky)
W32.Downadup.B (Symantec)
Confickr (other)
Each security service provider seems to have a different code name, which in my opinion is ridiculous. It seems they should all agree on one name, to at least make it easy on the consumer/tech on finding removal tools or overall general information.
The worm exploits a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products. Here is the hints that you may be infected.
Each security service provider seems to have a different code name, which in my opinion is ridiculous. It seems they should all agree on one name, to at least make it easy on the consumer/tech on finding removal tools or overall general information.
The worm exploits a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products. Here is the hints that you may be infected.
The following system changes may indicate the presence of this malware:
- The following services are disabled or fail to run:
Windows Update Service
Background Intelligent Transfer Service
Windows Defender
Windows Error Reporting Services
Background Intelligent Transfer Service
Windows Defender
Windows Error Reporting Services
- Some accounts may be locked out due to the following registry modification, which may flood the network with connections:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"TcpNumConnections" = "0x00FFFFFE"
"TcpNumConnections" = "0x00FFFFFE"
- Users may not be able to connect to websites or online services that contain the following strings:
virus
spyware
malware
rootkit
defender
microsoft
symantec
norton
mcafee
trendmicro
sophos
panda
etrust
networkassociates
computerassociates
f-secure
kaspersky
jotti
f-prot
nod32
eset
grisoft
drweb
centralcommand
ahnlab
esafe
avast
avira
quickheal
comodo
clamav
ewido
fortinet
gdata
hacksoft
hauri
ikarus
k7computing
norman
pctools
prevx
rising
securecomputing
sunbelt
emsisoft
arcabit
cpsecure
spamhaus
castlecops
threatexpert
wilderssecurity
windowsupdate
Up next a list of the most commonly used passwords that hackers look for to break into your network.
Computer Gal
spyware
malware
rootkit
defender
microsoft
symantec
norton
mcafee
trendmicro
sophos
panda
etrust
networkassociates
computerassociates
f-secure
kaspersky
jotti
f-prot
nod32
eset
grisoft
drweb
centralcommand
ahnlab
esafe
avast
avira
quickheal
comodo
clamav
ewido
fortinet
gdata
hacksoft
hauri
ikarus
k7computing
norman
pctools
prevx
rising
securecomputing
sunbelt
emsisoft
arcabit
cpsecure
spamhaus
castlecops
threatexpert
wilderssecurity
windowsupdate
Up next a list of the most commonly used passwords that hackers look for to break into your network.
Computer Gal
No comments:
Post a Comment