Category: Virus


The computer world is bracing itself for the latest virus, one so menacing that Microsoft has offered a reward of a quarter of a million dollars for tracking down its creator. Some experts believe the virus will strike on Wednesday.

The Conficker virus is reported to have infected 10 million computers, and experts think April 1 is D-Day. Just what the virus is going to do is not entirely known, ABC Online reported on Tuesday.

On April 1 a master computer is scheduled to gain control of these zombie machines, said Don DeBolt, director of threat research for CA, a New York-based IT company.

The program could delete all of the files on a person’s computer, use zombie PCs — those controlled by a master — to overwhelm and shut down websites or monitor a person’s keyboard strokes to collect private information like passwords or bank account information, experts said. More likely, though, said DeBolt, the virus may try to get computer users to buy fake software or spend money on other phony products.

Symantec warns that on Wednesday, Conficker “will simply start taking more steps to protect itself.”

After April 1, machines infected with the new Conficker strain may not be able to get security updates from Microsoft and other security products vendors, it says.

W32.Downadup is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874).

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
CVE References: CVE-2008-4250

Once executed, the worm copies itself as the following file:
%System%\[RANDOM FILE NAME].dll

Next, the worm deletes any user-created System Restore points.

It creates the following service:
Name: netsvcs
ImagePath: %SystemRoot%\system32\svchost.exe -k netsvcs

Then the worm creates the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsvcs\Parameters\"ServiceDll" = "[PathToWorm]"

The worm connects to the following URLs to obtain the IP address of the compromised computer:

Next, the worm downloads a file from the following URL and executes it:
[http://]trafficconverter.biz/4vir/antispyware/loada[REMOVED]

The worm then creates an HTTP server on the compromised computer on a random port, for example:
http://[EXTERNAL IP ADDRESS OF INFECTED MACHINE]:[RANDOM PORT]

The worm then sends this URL as part of its payload to remote computers.

Upon successful exploitation, the remote computer will then connect back to this URL and download the worm.

In this way, each exploited computer can spread the worm itself, as opposed to downloading from a predetermined location.

Next, the worm connects to a UPnP router and opens the HTTP port.

It then attempts to locate the network device registered as the Internet gateway on the network and opens the previously mentioned [RANDOM PORT] in order to allow access to the compromised computer from external networks.

The worm then attempts to download a data file from the following URL:
[http://]www.maxmind.com/download/geoip/database/GeoIP.[REMOVED]

Next, the worm attempts to contact the following sites to obtain the current date:

It uses the date information to generate a list of domain names.

The worm then contacts these domains in an attempt to download additional files onto the compromised computer.
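The service and ServiceDll registry entry described above can be checked for offline. The following is an added example, not part of the original write-up or any vendor tool: it parses a registry export of the Services key and reports every svchost "netsvcs" service whose ServiceDll is not in a known-good baseline. It goes slightly beyond the text by decoding the hex(2) form that registry exports use for expandable strings. The function names, the sample export, the DLL name "qzvkwhbt.dll" and the baseline set are all constructed for illustration.

```python
import re
PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"

def parse_reg(text):
    """Parse .reg export text into {key: {value: str}}; handles REG_SZ and hex(2)."""
    text = text.replace("\r\n", "\n").replace("\\\n", "")  # join hex continuation lines
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1], {})
        elif cur is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.groups()
            if raw.startswith("hex(2):"):                  # REG_EXPAND_SZ, UTF-16LE bytes
                data = bytes(int(b, 16) for b in raw[7:].replace(" ", "").split(",") if b)
                cur[name] = data.decode("utf-16-le", "replace").rstrip("\0")
            elif raw.startswith('"'):                      # REG_SZ, backslashes are doubled
                cur[name] = raw[1:-1].replace("\\\\", "\\")
    return keys

def unexpected_service_dlls(reg_text, baseline):
    """Return [(service, dll)] for netsvcs services whose ServiceDll is not in baseline."""
    keys, hits = parse_reg(reg_text), []
    for key, values in keys.items():
        if not (key.startswith(PREFIX) and key.lower().endswith("\\parameters")):
            continue
        service = key[len(PREFIX):-len("\\parameters")]
        image = keys.get(PREFIX + service, {}).get("ImagePath", "").lower()
        dll = values.get("ServiceDll", "")
        if dll and image.endswith("svchost.exe -k netsvcs") and dll.lower() not in baseline:
            hits.append((service, dll))
    return hits

def _expand_sz(s):  # encode a string the way a registry export writes REG_EXPAND_SZ
    return "hex(2):" + ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

# Constructed sample export; "qzvkwhbt.dll" stands in for [RANDOM FILE NAME].dll.
SVCHOST = _expand_sz("%SystemRoot%\\system32\\svchost.exe -k netsvcs")
SCHED = _expand_sz("%SystemRoot%\\system32\\schedsvc.dll")
SAMPLE = f"""Windows Registry Editor Version 5.00
[{PREFIX}Schedule]
"ImagePath"={SVCHOST}
[{PREFIX}Schedule\\Parameters]
"ServiceDll"={SCHED}
[{PREFIX}netsvcs]
"ImagePath"={SVCHOST}
[{PREFIX}netsvcs\\Parameters]
"ServiceDll"="C:\\\\WINDOWS\\\\system32\\\\qzvkwhbt.dll"
"""
BASELINE = {"%systemroot%\\system32\\schedsvc.dll"}  # assumption: taken from a clean build
```

A real export can be produced with `reg export HKLM\SYSTEM\CurrentControlSet\Services services.reg`; the file is UTF-16, so read it with `encoding="utf-16"` before passing the text in.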

Remove W32.Downadup:

Visit the Microsoft Website to fix the problem:
http://support.microsoft.com/kb/958644/en-us

You can also use antivirus software with the latest updates to remove the worm quickly.

Removal using the W32.Downadup Removal Tool
Symantec Security Response has developed a removal tool to clean the infections of W32.Downadup. Use this removal tool first, as it is the easiest way to remove this threat.

Manual Removal
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Run a full system scan.
  4. Delete any values added to the registry.

We have all seen or received them: an unexpected email with an enticing or urgent subject line, maybe even from someone you know. However, don’t rush to open it; think before you act! There are many things that come to you via email that can put you and your organization at risk.

What should I be on the lookout for?

There are basically three types of risky emails:

  • Mass-mailing viruses – computer viruses that are capable of spreading via email
  • Phishing – a tactic used by identity thieves, to trick people into disclosing financial or other sensitive information, primarily by using email messages and counterfeit websites
  • Spam – unsolicited email messages sent to thousands or millions of recipients

Although spam, by its definition, doesn’t seem to be a risk, it can be just as troublesome. Besides being unwanted, spam can also be used as a delivery method for malicious software. Open a file or click on a link in a spam message and you could be putting yourself at risk.

What should I do to avoid being impacted?

  • Ensure that your PC has the latest security software installed and that it is always up-to-date
  • Ensure that your PC has all of the latest security patches and updates installed
  • Do not open attachments within suspicious or unexpected messages, even from people that you trust. Viruses often look like they have been sent from someone you know.
  • Do not click on links to websites within suspicious or unexpected email messages. If you are ever in doubt about the legitimacy of a message, check with the sender. Contact that person and ask if he/she sent the message before you trust it.
  • Do not publish your email address in public locations wherever possible
  • Do not reply to suspicious or unexpected messages
  • Enable junk filters in Outlook

Virus Removal Tools

McAfee Security provides you with a powerful set of virus removal tools, designed to automatically detect and remove viruses that have infected your system. These applications are also valuable because of their size, making them easily downloadable even with a slow Internet connection. If you suspect your system to be infected with one of the following viruses, these invaluable FREE tools will allow you to repair any damage to your computer.

Get up-to-date protection today. Install an antivirus at the earliest; that’s the most convenient way to protect your PC from computer viruses like Nimda, SirCam, Bugbear and others.

Sasser Removal Tool

Bagle Removal Tool

Zafi Removal Tool

Mydoom Removal Tool

Lovsan/Blaster Removal Tool

Klez Removal Tool

Bugbear Removal Tool

Update your virus scan software on a daily/weekly/monthly basis… and be secure.

Regards,

Himanshu

Here is an important piece of information: follow the steps and your computer will always stay away from viruses and spyware.

Step 1. Keep your firewall turned on

What is a firewall?

A firewall helps protect your computer from hackers who might try to delete information, crash your computer, or even steal your passwords or credit card numbers. Make sure your firewall is always turned on.


How to turn on your firewall


How to choose a firewall


Learn more about firewalls for your operating system


Step 2. Keep your operating system up-to-date

What are operating system updates?

High priority updates are critical to the security and reliability of your computer. They offer the latest protection against malicious online activities. Microsoft provides new updates, as necessary, on the second Tuesday of the month.


How to update your operating system


Microsoft security updates: Frequently asked questions


Learn about using Microsoft Update


Go to Microsoft Update


Step 3. Use updated antivirus software

What is antivirus software?

Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antivirus technology to help prevent viruses, and you need to keep it regularly updated.


How to get antivirus software


Get regular antivirus scanning with Windows Live OneCare


Get a free safety scan


Learn about viruses


Step 4. Use updated antispyware technology

What is antispyware software?

Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antispyware technology to help prevent spyware, and you need to keep it regularly updated.


Get antispyware technology


Use Windows Defender, free antispyware for Windows XP SP2


Learn about spyware

Skype users beware: the VoIP operator is cautioning its users about a new Windows worm that’s doing the rounds through the company’s chat message service. According to the VoIP operator’s Heartbeat blog, the attack looks like a chat message from a friend that asks them to click on what seems to be a link to a JPEG image; needless to say, we all know what it is: a virus file.

When the Skype user clicks on the link, Windows asks for permission to run a .scr file, the file type used for screen savers. If the permission is given, the malware, dubbed Skipi or Pykspa or Ramex, will first try to disable access to security-related websites by modifying the hosts file, and then it installs another data-stealing piece of malware.
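The hosts-file tampering described above leaves a trace that is easy to check for. The following is an added example, not taken from Skype's or any vendor's instructions: it parses hosts-file text and reports every entry that overrides name resolution for a security or update domain. The function name, the watchlist of domains and the sample hosts content are assumptions constructed for illustration.

```python
# Assumption: an illustrative watchlist of security/update domains; extend it locally.
WATCHLIST = ("f-secure.com", "kaspersky.com", "symantec.com", "mcafee.com",
             "microsoft.com", "windowsupdate.com")

def audit_hosts(text, watchlist=WATCHLIST):
    """Return [(lineno, address, hostname)] for entries that override a watched domain."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:                      # blank line, comment, or malformed entry
            continue
        address, names = fields[0], fields[1:]   # one address may carry several names
        for name in names:
            host = name.lower().rstrip(".")
            # Match the domain itself or any subdomain, never a look-alike suffix.
            if any(host == d or host.endswith("." + d) for d in watchlist):
                findings.append((lineno, address, host))
    return findings

# Constructed sample, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) sample hosts file
127.0.0.1       localhost
127.0.0.1       www.kaspersky.com update.f-secure.com   # appended entry
0.0.0.0         download.windowsupdate.com
10.0.0.5        intranet.example.local
127.0.0.1       notkaspersky.com.example
"""

if __name__ == "__main__":
    for lineno, address, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} is forced to {address}")
```

On Windows the file to read is %SystemRoot%\System32\drivers\etc\hosts; a clean hosts file normally has no entries for these domains at all, so any finding deserves a look.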

It seems Skype is now working with major antivirus vendors to fix the issue and is additionally urging all its Windows users to update their antivirus software to make sure they have the latest protection.

F-Secure and Kaspersky Labs have issued updated definition files to spot the worm. “We would like to encourage our users to ensure that they are running anti-virus software on their computers and to download the latest anti-virus updates in order to provide the best protection against this and other viruses,” Skype spokesman Villu Arak wrote in the Skype blog.

He added, “Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a Web link” that is able to infect the computer.

And if you are amongst the ones who don’t fall into the trap easily, then here’s a set of manual instructions that Skype has issued for the removal of the worm.