Friday, December 20, 2013

CPE: McAfee AudioParasitic: Episode 53 Conficker

length: 00:13:12
Conficker: first major worm exploiting MS08-067.
Once one machine is infected, it starts downloading other rogue applications.
Once a machine is compromised, it starts to spread by other means/vectors, for example a dictionary attack on nearby shares to propagate.
It shuts down security software.
It uses scheduled tasks to kick off attacks on other hosts.
It blocks access to security update repositories.
Autorun.inf – a launch method, and a very common one (must do: disable the autorun feature).
Do a reverse lookup of the infected machine.
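
One way to verify the "disable autorun" item above on a Windows host, as an added PowerShell example that is not from the podcast or these notes. It reads the `NoDriveTypeAutoRun` policy value from both registry hives and assumes the machine-wide (HKLM) value takes precedence over the per-user (HKCU) one; the function and variable names are illustrative.

```powershell
# Added example: audit the AutoRun policy on the local machine (read-only).
$subKey    = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName = 'NoDriveTypeAutoRun'

# Bit meanings of NoDriveTypeAutoRun: a set bit disables AutoRun for that drive type.
$driveTypes = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

function Get-AutoRunPolicy {
    param([string]$Hive)   # 'HKLM' or 'HKCU'
    $item = Get-ItemProperty -Path "${Hive}:\$subKey" -Name $valueName `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key or value not present
    return [int]$item.$valueName
}

$hklm = Get-AutoRunPolicy -Hive 'HKLM'
$hkcu = Get-AutoRunPolicy -Hive 'HKCU'

# Assumption: the machine policy wins over the per-user value when both are set.
$effective = if ($null -ne $hklm) { $hklm } else { $hkcu }

if ($null -eq $effective) {
    "$valueName is not configured in HKLM or HKCU; Windows defaults apply."
} else {
    'Effective {0} = 0x{1:X2}' -f $valueName, $effective
    foreach ($entry in $driveTypes.GetEnumerator()) {
        $state = if ($effective -band $entry.Value) { 'disabled' } else { 'ENABLED' }
        '{0,-10} AutoRun {1}' -f $entry.Key, $state
    }
    if (($effective -band 0xFF) -eq 0xFF) {
        'AutoRun is disabled for all drive types (0xFF).'
    } else {
        'AutoRun is still enabled for at least one drive type.'
    }
}
```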

When M$ releases an out-of-band patch, it’s a big deal.

It’s a memory-resident worm – must reboot after cleaning.
It modifies registry permissions, which makes it difficult to clean because security software does not have the right permissions.

Check , black list of IP of location
A lot of variants – on a daily basis.
