http://forum.prisonplanet.com/index.php?topic=94699.msg553367;topicseen#msg553367
Personally, I am worried, paranoid level…
What can fight this thing, if it is able to disable security programs?
Conficker is a threat. However, CIS has protected you with this worm day zero by default. This worm I believe also causes Buffer Overflow vulnerability, and again CIS will prevent this too. CIS also protects its own files and registry keys. Malware can NOT shut down its protection without your consent.
Either way, Defense+, Buffer overflow Protection or the AV will catch this. You are protected!
Cheers,
Josh
How does it propagate itself? E-mail, infecting websites? Is it mass-infection-rate worm, something that security websites raise their threat level to high?
Conflicker spreads via USB, See this thread (Reply #65) for screen shots and information from Egemen (Lead CIS developer), And how Defense+ intercepts Conflicker. Remembering no AV was installed. You can see there that Defense+ did say this worm is malware.
Cheers,
Josh
Small correction.
Not just USB, the thread only dealt with the USB angle.
But you can get the dose through all the normal means, drive by, infected downloads, etc.
The main first vector was a through the browser exploit of the server service MS patched in Nov.
My details are sketchy at the moment, but don’t get caught thinking it is only by USB(specifically autorun).
Later
True. :-TU
Thnx for the info…
Will go paranoid and will use geswall/sandboxie for the entrire day, and the next day full system scan.
Should be enough… ;D
Will this variant try to do its work as it’s previous versions or something new?
Just FYI here is a link to a thorough explanation of the worm.
http://www.bdtools.net/technical-details-downadup.php
And a removal tool, which hopefully you won’t need with CIS.
Later