Dear All,
We would like to inform you that we have received new updates from our Global Update Center.
Topic: WORM_Downad.KK – Activates on April Fool’s Day
Advisory Release Date: March 18, 2009
Details
Worm_downad has infected more than 15 million computers, making it one of the most widespread infections in recent times.
A new variant of worm_downad (aka Conficker) is expected to be launched on April Fool’s day.
Trend Micro detects this new variant as worm_downad.kk. More information can be found at http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOWNAD.KK&VSect=T. Trend Micro detects this malware starting with pattern file 5.885.00.
Compared to the old variants, worm_downad.kk is more sophisticated. Here are a few of its payloads:
· Connects to various time servers to determine the current date and time.
· Registers itself as a system service to ensure automatic execution at every startup.
· Deletes a registry key to prevent system startup in safe mode.
· Terminates security-related processes (e.g. procexp, regmon, autoruns, gmer, etc.)
· Blocks access to security and antivirus websites.
· Generates 50,000 malicious URLs and attempts to connect to around 500 randomly generated URLs at a time.
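
The last payload above is visible on the network as one client looking up a large number of distinct names in a short time. The following detection sketch is an added example, not Trend Micro's code; the log format, thresholds, addresses and names are constructed assumptions, including the assumption that most generated names do not resolve.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds, tune to your resolver's normal traffic.
WINDOW = timedelta(minutes=10)
MIN_DISTINCT = 100     # far below the ~500 names per batch in the advisory
MIN_NX_RATIO = 0.8     # assumption: most generated names do not resolve

def parse(line):
    """Constructed log format: '<ISO time> <client> <queried name> <rcode>'."""
    ts, client, name, rcode = line.split()
    return datetime.fromisoformat(ts), client, name.lower().rstrip("."), rcode

def find_bursts(lines, window=WINDOW, min_distinct=MIN_DISTINCT, min_nx=MIN_NX_RATIO):
    """Return {client: (distinct names, NXDOMAIN ratio)} for the first window over threshold."""
    per_client = defaultdict(list)
    for line in lines:
        if line.strip() and not line.startswith("#"):
            ts, client, name, rcode = parse(line)
            per_client[client].append((ts, name, rcode))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            chunk = events[start:end + 1]
            names = {n for _, n, _ in chunk}
            nx = sum(r == "NXDOMAIN" for _, _, r in chunk) / len(chunk)
            if len(names) >= min_distinct and nx >= min_nx:
                flagged[client] = (len(names), round(nx, 2))
                break
    return flagged

def sample_log():
    """Constructed data: one noisy client, one ordinary client."""
    t0 = datetime(2009, 4, 1, 0, 0, 0)
    lines = []
    for i in range(120):   # 120 distinct names in 2 minutes, 6 of them resolve
        rcode = "NOERROR" if i % 20 == 0 else "NXDOMAIN"
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.23 gen{i:04d}.example {rcode}")
    for i in range(30):    # ordinary client: few names, all resolve
        lines.append(f"{(t0 + timedelta(minutes=i)).isoformat()} 10.0.0.40 site{i % 5}.example NOERROR")
    return lines

if __name__ == "__main__":
    print(find_bursts(sample_log()))
```

A flagged client is a candidate for the full system scan and patch check listed under Recommended Action, not a confirmed infection.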
_______________________________________________________________________
Recommended Action
· Enable Web Reputation Service
· Make sure that you have the latest virus definitions (at least pattern file 5.885.00)
· Run a FULL system scan to ensure that malware does not exist on your PC
· Apply MS 08-067
· Ensure strong password practice
· Disable autorun.inf for removable devices
· On file sharing servers, don’t share to everyone.