Here’s the second instalment of the "ten ways to dodge cyberbullets" that I promised you.
Keep applications and operating system components up-to-date with automated updates and patches, and by regularly reviewing the vendors’ product update sections on their web sites.
This point is particularly relevant right now, given the escalating volumes of Conficker that we’re seeing currently.Win32/Conficker is a network worm that propagates by exploiting a recently-discovered vulnerability in the Windows operating system (MS08-67). The vulnerability is present in the RPC sub system and can be exploited remotely by an attacker. The attacker can perform his attack without valid user credentials. As we mention in our Threat Report for November, Conficker tries to download additional malware likely to be connected with adware, typically the FakeAlert, Wigon families): it avoids infecting Ukrainian PCs. In addition, it shuts down the windows firewall and starts an http server on a random port.
Sometimes, it seems that the whole world assumes that the only vendor that suffers from vulnerabilities in its operating system and other software is Microsoft. To see how misleading claims like this can be, check out the weekly “Consensus Security Vulnerability Alert” published by SANS (see http://portal.sans.org), which summarizes some of the most important vulnerabilities and exploits identified in the preceding week. Even during a week that includes “Patch Tuesday”, you’ll typically find that problems are flagged with a frightening number of applications from other vendors. Certainly, any system administrator should consider making use of this resource.
While ESET has effective detection for Conficker, it’s important for end users to ensure that their systems are updated with the Microsoft patch, which has been available since the end of October, so as to avoid other threats using the same vulnerability. Information on the vulnerability itself is available here.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence