Alert - Guidance Regarding Increased Malware Activity: Conf icker

[Dr.Melzer 191]

Am Wochenende wurde gemeldet, dass es verstärkte Angriffe auf die Sicherheitslücke gibt, die in dem Microsoft Security Bulletin MS08-067 beschrieben wurde. Hierin wurde auf die Verfügbarkeit von Angreifer-Code hingewiesen, der die in Security Bulletin MS08-067 adressierte Sicherheitsanfälligkeit im Serverdienst ausnutzt und Remotecodeausführung ermöglichen kann. Betroffen sind Systeme unter Windows 2000, Windows XP und Windows Server 2003, auf denen das in MS08-067 bereitgestellte Sicherheitsupdate noch nicht installiert wurde.

 

Microsoft empfiehlt Benutzern die sofortige Installation des Updates!

[Dr.Melzer 191]

What is the purpose of this alert?

This alert is to make you aware of an increase in malware attacks against the vulnerability addressed in Microsoft Security Bulletin MS08-067 and to provide you with resources you can use to prevent or resolve issues associated with these attacks.

 

The most prevalent variant of the malware at this time is Worm:Win32/Conf ickerer.B. This is a worm that requires no user interaction for propagation.

 

Key Points:

• MS08-067 does resolve the underlying vulnerability, but due to the nature of these attacks, installing MS08-067 is not the only requirement for complete mitigation against these attacks.

• We are seeing increases in the rate and complexity of active attacks. The current malware attack is blended, using additional methods of infection to spread, including weak administrative passwords, removable drives and auto-play features on network shares. The worm requires no user interaction for propagation.

• Due to the nature of these attacks we are tracking an increase in support cases associated with this activity.

 

Recommendation:

 

 

Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.

 

Microsoft also recommends that users ensure that their network passwords are strong to prevent this worm from spreading via weak administrator passwords. More information is available here.

 

 

WHERE TO FIND CURRENT INFORMATION

 

The Microsoft Malware Protection Center (MMPC) Encyclopedia entry for current variants of this malware is the best resource available for identifying the virus in your environment. The MMPC Encyclopedia entry provides a detailed list of symptoms you can review to check for possible infection, steps to prevent infection or spread and recovery steps.

 

• The MMPC Malware Encyclopedia entry for Worm:Win32/Conf ickerer.B Is here: Microsoft Malware Protection Center

 

• The MMPC blog is also being used to communicate our current intelligence regarding these attacks: Microsoft® Malware Protection Center : Just in time for New Year's.....

 

ADDITIONAL RESOURCES

 

• The Microsoft Malware Protection Center (MMPC): Microsoft Malware Protection Center - Top Detections.

 

• MMPC entries for all variants of Conf ickerer: Microsoft Malware Protection Center - Search : Conf ickerer

 

• Microsoft Security Advisory 958963 – Exploit Code Published Affecting the Server Service: Microsoft Security Advisory (958963): Exploit Code Published Affecting the Server Service.

 

• Microsoft Security Bulletin MS08-067 - Vulnerability in Server Service Could Allow Remote Code Execution (958644) - Microsoft Security Bulletin MS08-067 – Critical: Vulnerability in Server Service Could Allow Remote Code Execution (958644).

 

• MSRC Blog: The Microsoft Security Response Center (MSRC).

 

REGARDING INFORMATION CONSISTENCY

 

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

Microsoft CSS Security Team