Prevent Conficker Virus with Security Bulletin MS08-067
Microsoft warns of the Win32/Conficker.A worm, which attacks through a weakness in file sharing. The worm attacks the Windows Server service (SVCHOST.EXE), so Windows users are required to install the update from Security Bulletin MS08-067.
The virus searches for the file 'services.exe' and injects itself into it. It also creates a file in the System folder with a random, arbitrary name of the form xxxx.dll, such as nyxme.dll.
The virus sets the date of this file to match the date of Kernel32.dll. By altering the date, the virus tries to protect itself from investigation, such as an attempt to work out when the virus first entered the computer. The DLL file also changes the registry, adding the following values:
Adds value: "DisplayName"
With data: "0"
To subkey: HKLM\SYSTEM\CurrentControlSet\Services\vcdrlxeu
Adds value: "ServiceDll"
With data: "\nxyme.dll"
To subkey: HKLM\SYSTEM\ControlSet001\Services\vcdrlxeu\Parameters
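The indicators above (a service whose ServiceDll sits in the System folder, a DisplayName of "0", and a DLL date copied from Kernel32.dll) can be checked together. The following Python is an added example, not part of the original article: it parses text in the layout printed by `reg query <key> /s` and flags matching services. The `%SystemRoot%\system32` prefix, the `ExampleSvc` entry, the timestamps and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample (not from a real host) in the layout printed by
# `reg query <key> /s`. The vcdrlxeu values are the ones quoted above; the
# %SystemRoot% prefix and the ExampleSvc entry are assumptions.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc
    DisplayName    REG_SZ    Example Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\example.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vcdrlxeu
    DisplayName    REG_SZ    0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vcdrlxeu\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\nxyme.dll
"""
# Constructed last-modified times; on a live host use os.path.getmtime().
SAMPLE_MTIMES = {r"c:\windows\system32\kernel32.dll": 1208174400,
                 r"c:\windows\system32\nxyme.dll": 1208174400,
                 r"c:\windows\system32\example.dll": 1225000000}

KEY = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\Services\\([^\\]+)(\\Parameters)?$", re.I)
VALUE = re.compile(r"^\s+(DisplayName|ServiceDll)\s+REG_\w+\s+(.*)$", re.I)

def parse_services(text):
    """Map service name -> {'displayname': ..., 'servicedll': ...}."""
    services, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            m = KEY.match(line.strip())
            current = services.setdefault(m.group(1).lower(), {}) if m else None
        elif current is not None and (v := VALUE.match(line)):
            current[v.group(1).lower()] = v.group(2).strip()
    return services

def triage(text, mtimes, system_root=r"c:\windows"):
    """Return [(service, dll, reasons)] for entries matching the indicators above."""
    sysdir = system_root.lower() + "\\system32\\"
    ref = mtimes.get(sysdir + "kernel32.dll")
    hits = []
    for name, vals in parse_services(text).items():
        dll = vals.get("servicedll", "").lower().replace("%systemroot%", system_root.lower())
        if not dll.startswith(sysdir):
            continue  # only DLLs in the System folder are in scope here
        checks = [('DisplayName is "0"', vals.get("displayname") == "0"),
                  ("timestamp equals kernel32.dll", ref is not None and mtimes.get(dll) == ref)]
        reasons = [label for label, matched in checks if matched]
        if reasons:
            hits.append((name, dll, reasons))
    return hits
```

A hit is a lead for further inspection rather than a verdict, since legitimate system DLLs can share a timestamp with Kernel32.dll.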
Once the virus has finished setting all of this up, it opens a port between 1024 and 10,000 and bypasses the Windows Firewall. The virus also shuts down the system's Internet connection sharing service.
Dissemination through:
Computer network (LAN): the Win32/Conficker.A worm copies itself and starts trying random IP addresses on the LAN, looking for Windows machines that have not been patched against the weakness in SVCHOST.exe.
If the worm finds one, it instructs the other computer to download files via HTTP over the port that has been opened on the host computer.
The worm will also direct the computer to other sites, with names such as:
getmyip.org
getmyip.co.uk
checkip.dyndns.org

