  1. #1
    bandwagoner fans suck ducks's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Apr 2003
    Post Count
    71,549

  2. #2
    Le Spurs! France B-boy's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Mar 2009
    Post Count
    113
    Stop Conficker from spreading by using Group Policy

    Notes
    • This procedure does not remove the Conficker malware from the system. This procedure only stops the spread of the malware. You should use an antivirus product to remove the Conficker malware from the system. Or, follow the steps in the "Manual steps to remove the Conficker.b variant" section of this Knowledge Base article to manually remove the malware from the system.
    • Please carefully read and understand the note in step 4 of this procedure.

    Create a new policy that applies to all computers in a specific organizational unit (OU), site, or domain, as required in your environment.

    To do this, follow these steps:
    1. Set the policy to remove write permissions to the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
      This prevents the randomly named malware service from being created in the netsvcs registry value.

      To do this, follow these steps:
      1. Open the Group Policy Management Console (GPMC).
      2. Create a new Group Policy object (GPO). Give it any name that you want.
      3. Open the new GPO, and then move to the following folder: Computer Configuration\Windows Settings\Security Settings\Registry
      4. Right-click Registry, and then click Add Key.
      5. In the Select Registry Key dialog box, expand Machine, and then move to the following folder: Software\Microsoft\Windows NT\CurrentVersion\Svchost
      6. Click OK.
      7. In the dialog box that opens, click to clear the Full Control check box for both Administrators and System.
      8. Click OK.
      9. In the Add Object dialog box, click Replace existing permissions on all subkeys with inheritable permissions.
      10. Click OK.
    2. Set the policy to remove write permissions to the %windir%\tasks folder. This prevents the Conficker malware from creating the Scheduled Tasks that can re-infect the system.

      To do this, follow these steps:
      1. In the same GPO that you created earlier, move to the following folder: Computer Configuration\Windows Settings\Security Settings\File System
      2. Right-click File System, and then click Add File.
      3. In the Add a file or folder dialog box, browse to the %windir%\Tasks folder. Make sure that Tasks is highlighted and listed in the Folder: dialog box.
      4. Click OK.
      5. In the dialog box that opens, click to clear the check boxes for Full Control, Modify and Write for both Administrators and System.
      6. Click OK.
      7. In the Add Object dialog box, click Replace existing permissions on all subkeys with inheritable permissions.
      8. Click OK.
    3. Set AutoPlay (Autorun) features to disabled. This keeps the Conficker malware from spreading by using the AutoPlay features that are built into Windows.

      To do this, follow these steps:
      1. In the same GPO that you created earlier, move to one of the following folders:
        • For a Windows Server 2003 domain, move to the following folder: Computer Configuration\Administrative Templates\System
        • For a Windows 2008 domain, move to the following folder: Computer Configuration\Administrative Templates\Windows Components\Autoplay Policies
      2. Open the Turn off Autoplay policy.
      3. In the Turn off Autoplay dialog box, click Enabled.
      4. In the drop-down menu, click All drives.
      5. Click OK.
    4. Disable the local administrator account. This blocks the Conficker malware from using the brute force password attack against the administrator account on the system.

      Note Do not follow this step if you link the GPO to the domain controller's OU because you could disable the domain administrator account. If you have to do this on the domain controllers, create a separate GPO that does not link the GPO to the domain controller's OU, and then link the new separate GPO to the domain controller's OU.

      To do this, follow these steps:
      1. In the same GPO that you created earlier, move to the following folder: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
      2. Open Accounts: Administrator account status.
      3. In the Accounts: Administrator account status dialog box, click to select the Define this policy check box.
      4. Click Disabled.
      5. Click OK.
    5. Close the Group Policy Management Console.
    6. Link the newly created GPO to the location that you want it to apply to.
    7. Allow for enough time for Group Policy to update to all computers. Generally, Group Policy replication takes five minutes to replicate to each domain controller, and then 90 minutes to replicate to the rest of the systems. A couple hours should be enough. However, more time may be required, depending on the environment.
    8. After the Group Policy has propagated, clean the systems of malware.

      To do this, follow these steps:
      1. Run full antivirus scans on all computers.
      2. If your antivirus software does not detect Conficker, you can use the Malicious Software Removal Tool (MSRT) to clean the malware. For more information, visit the following Microsoft Web page: http://www.microsoft.com/security/ma...e/default.mspx
        Note You may still have to take some manual steps to clean all the effects of the malware. To clean all the effects that are left behind by the malware, follow the steps that are listed in the "Manual steps to remove the Conficker.b variant" section of this Knowledge Base article.
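
A read-only way to confirm on a single machine that the four settings from the procedure above have taken effect, as an added PowerShell example (not part of the Knowledge Base text or the forum post). The function names `Get-WriteGrant` and `Test-ConfickerGpo` are hypothetical; the script assumes the "Turn off Autoplay / All drives" policy is stored as `NoDriveTypeAutoRun = 0xFF` under the Explorer policies key and that the built-in local Administrator is the account with RID 500.

```powershell
# Added example: read-only audit of the four settings the GPO above applies.
# Run elevated so both ACLs can be read. Nothing is modified.
# Write bits: 0x2/0x4 = SetValue/CreateSubKey on a key, WriteData/AppendData
# on a folder; 0x40000000 = GENERIC_WRITE; 0x10000000 = GENERIC_ALL.
$WriteBits = 0x50000006
$Watched   = @{ 'S-1-5-32-544' = 'Administrators'; 'S-1-5-18' = 'SYSTEM' }

function Get-WriteGrant {
    # Lists Allow ACEs that still give Administrators or SYSTEM write access.
    param([Parameter(Mandatory = $true)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if (-not $Watched.ContainsKey($sid)) { continue }
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = if ($ace -is [System.Security.AccessControl.RegistryAccessRule]) {
            $ace.RegistryRights
        } else {
            $ace.FileSystemRights
        }
        if (([int]$rights -band $WriteBits) -ne 0) {
            '{0}: {1}' -f $Watched[$sid], $rights
        }
    }
}

function Test-ConfickerGpo {
    $svchost  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $keyGrants = @(Get-WriteGrant -Path $svchost)                         # step 1
    $dirGrants = @(Get-WriteGrant -Path (Join-Path $env:windir 'Tasks'))  # step 2
    # Step 3: "Turn off Autoplay" on all drives is stored as NoDriveTypeAutoRun = 0xFF.
    $autorun = (Get-ItemProperty -LiteralPath $explorer -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    # Step 4: the built-in local Administrator always has RID 500.
    $admin = Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True' |
        Where-Object { $_.SID -like 'S-1-5-21-*-500' }

    [pscustomobject]@{ Step = '1 Svchost key ACL';  Applied = ($keyGrants.Count -eq 0); Detail = $keyGrants -join '; ' }
    [pscustomobject]@{ Step = '2 Tasks folder ACL'; Applied = ($dirGrants.Count -eq 0); Detail = $dirGrants -join '; ' }
    [pscustomobject]@{ Step = '3 Autoplay off';     Applied = ($autorun -eq 0xFF);      Detail = "NoDriveTypeAutoRun=$autorun" }
    [pscustomobject]@{ Step = '4 Local admin off';  Applied = [bool]$admin.Disabled;    Detail = "$($admin.Name)" }
}

Test-ConfickerGpo | Format-Table -AutoSize -Wrap
```

A row with Applied = False and an ACE listed in Detail means the policy has not reached that machine yet or a later change has overridden it.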


  3. #3
    Cogito Ergo Sum LnGrrrR's Avatar
    My Team
    Boston Celtics
    Join Date
    Oct 2008
    Post Count
    22,399
    I'm not going to that link because it's probably just the link for the virus

  4. #4
    THANK YOU BASED NEAL ClingingMars's Avatar
    My Team
    San Antonio Spurs
    Join Date
    May 2007
    Post Count
    4,729
    lol, windows

  5. #5
    Take the fcking keys away baseline bum's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Mar 2003
    Post Count
    93,996
    Linux is looking pretty good right now.

  6. #6
    Spur-taaaa TDMVPDPOY's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Feb 2005
    Post Count
    41,361
    that is a lot of instructions, it

  7. #7
    uups stups! Cant_Be_Faded's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Mar 2005
    Post Count
    28,114
    Anyone watch 60 minutes tonight? Before the lebron interview they did a thing about Conficker. They had their really really old blonde interviewing Symantec antivirus president....she was describing what it's like to get infected, and was clicking on malicious websites...she said this

    "And then I get infected. The hackers, have owned me."

    L O L

  8. #8
    Take the fcking keys away baseline bum's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Mar 2003
    Post Count
    93,996
    Anyone watch 60 minutes tonight? Before the lebron interview they did a thing about Conficker. They had their really really old blonde interviewing Symantec antivirus president....she was describing what it's like to get infected, and was clicking on malicious websites...she said this

    "And then I get infected. The hackers, have owned me."

    L O L
    LOL... that piece was a big ing commercial for Symantec.

  9. #9
    uups stups! Cant_Be_Faded's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Mar 2005
    Post Count
    28,114
    LOL... that piece was a big ing commercial for Symantec.
    No . And I loved how they barely touched on the conflict of interest. And I got pissed off how they mentioned Russia's cyber army and not the ing chinese. Don't they realize the Chinese have 40 million people in their cyber army that are forced to hack at gunpoint?

  10. #10
    Take the fcking keys away baseline bum's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Mar 2003
    Post Count
    93,996
    I hate how the word hacker has become so bas ized by popular culture. A hacker is an expert programmer; not some 12 year-old bag copying something he read online to try to steal credit-card numbers or install a rootkit on someone's system.

  11. #11
    uups stups! Cant_Be_Faded's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Mar 2005
    Post Count
    28,114
    I hate how the word hacker has become so bas ized by popular culture. A hacker is an expert programmer; not some 12 year-old bag copying something he read online to try to steal credit-card numbers or install a rootkit on someone's system.
    I laughed my ass off when they showed that 12 year old Russian neonazi skinhead "Hacker" in that photo, and they did not mention how he was grabbing that other dude's , giving the thumbs up with his other hand.
    Did you see this? The guy was grabbing the other skinheads crotch, and the whole crew was giving the thumbs up. And all the old chick said was, "He's a hacker? He can't drive!"

  12. #12
    Take the fcking keys away baseline bum's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Mar 2003
    Post Count
    93,996
    I laughed my ass off when they showed that 12 year old Russian neonazi skinhead "Hacker" in that photo, and they did not mention how he was grabbing that other dude's , giving the thumbs up with his other hand.
    Did you see this? The guy was grabbing the other skinheads crotch, and the whole crew was giving the thumbs up. And all the old chick said was, "He's a hacker? He can't drive!"
    I didn't notice that!

  13. #13
    uups stups! Cant_Be_Faded's Avatar
    My Team
    San Antonio Spurs
    Join Date
    Mar 2005
    Post Count
    28,114
    It was like a michael jackson crotch grab, except the little kid was doing it to the other skinhead in the middle.

  14. #14
    Moss is Da Sauce! mouse's Avatar
    My Team
    Dallas Mavericks
    Join Date
    Mar 2003
    Post Count
    26,358
    Anyone who still uses that dinosaur of a software deserves an infection..
