Conficker Threat Notice
cyberM·I·N·D· Threat Management Notification
Date: 03/26/2009
From: cyberM·I·N·D· Virus Information Center
877/269-373-6680 x 911
Overall risk: Medium
Destructive level: Medium
Threat brief:
The Conficker.C worm, sometimes called Downadup or Kido, is capable of blocking security-related websites, terminating system security services and downloading component files using time-based generated URLs. One particular strain of the virus is expected to update itself on presently infected computers on April 1st. While it is not suspected that the virus will “activate”, it is expected that the virus will take further steps to evade detection.
Brief Description:
As of March 26, 2009, cyberMIND has declared a Yellow alert to control the spread of this malware. Virus infection reports from across the globe have been received at our Virus Information Center.
On an infected computer, Conficker.C allows hackers to gain remote control with the same privileges as the logged-on user. If this user has administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.
From initial reports, this virus currently affects computers running Windows 2000/Vista/2003/XP.
cyberMIND has already applied patches to your server(s) and plugged the necessary holes in your firewall(s) prior to the release of the virus and variants. We will be contacting you shortly to apply patches to your office workstations.
With regard to your personal home computers, please ensure that you update your computer regularly by visiting the windowsupdate.microsoft.com web site and applying any and all critical security updates. This may take several passes through the Windows Update site to obtain all of the necessary updates. We kindly ask that you do not follow this procedure for your work computer, as we have specific deployment procedures that we maintain.
This virus is not your typical virus and has few symptoms, but it will infect vulnerable computers that are directly connected to the Internet and not protected by antivirus/malware software, the appropriate patch or a firewall.
This worm exploits the Microsoft Windows Server Service vulnerability that allows remote code execution and enables an attacker to gain full control of affected systems.
For additional information, including free online scanning and removal tools, please visit:
http://antivirus.cybermind.biz