DOWNADUP, better known as Conficker, has caused quite a stir around the world in recent months. With more than 10.5+ million PCs infected, it has managed to bring the conversation "do we have a Patch Tool / Patch Strategy?" to the table of MANY CIOs, CFOs, IT Directors, IT Administrators and IT Pros.
I have worked first-hand with more than 10 clients (Enterprise Level) in recent months that have in some way been negatively affected by this CONFICKER trojan.
The solution is to apply the patches that Microsoft announced in its bulletins MS08-067 & 068. The worldwide group of companies and vendors of protection solutions for PC systems have provided their removal tools along with their antibodies, and they really do help... but without a doubt the complementary help is DOWNLOAD THE UPDATE / SECURITY PATCH!!!!
Feelings are mixed when a manufacturer of security / protection software and the manufacturer of the OS can help remediate or prevent our systems from being affected and our businesses from taking losses because of DOWNADUP.
SCAN for POSSIBLE INFECTED SYSTEMS
Important: this affects the following systems / OS: (NOTE: I DON'T SEE VISTA... THANKS to User Account Control?)
MICROSOFT HELPS WITH A GOOD KB ON HOW TO REMOVE AND PREVENT THE SPREAD OF THIS EVIL...
http://support.microsoft.com/default.aspx/kb/962007 (The link was reviewed on February 17, 2009)
PREVENT infection by:
Make sure that your antivirus software is up-to-date and disable Autoplay *and* Autorun functionality if possible. Downadup spreads itself via Network Shares and Removable Storage Devices such as USB memory. Downadup also attempts to brute-force account passwords so make sure that your administrator accounts are secure and use strict passwords.
English Notes below:
"The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes. Many experts anticipate that could occur soon.
It's building its network of hosts."
While no one knows exactly what stage two payload will bring, one reason for the worm's somewhat slow but steady progress is its use of Windows "AutoRun" to copy itself through Windows file-sharing and USB tokens, Cross says.
"If it copies itself to a file share, and if the user clicks on a file, the user's computer will get infected," Cross says. "Even if the computer is patched, you can still get infected if you access one of the infected USB drives or file shares." Cross advises that AutoRun be disabled.
This is an additional means of the worm spreading beyond exploiting the Windows RPC flaw identified last October 2008, for which a patch is available. The worm also has a password-cracker that is adept at cracking administrative accounts or other computers. IMPORTANT: USE STRONG PASSWORDS and not simple, common passwords.
What the bad CONFICKER does:
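The advice above to disable AutoRun can be checked per machine. This is an added example, not part of the original post or of Microsoft's KB: it assumes the standard Windows NoDriveTypeAutoRun policy value, and the function names are hypothetical.

```powershell
# Added example (not from the original post). A set bit in NoDriveTypeAutoRun
# DISABLES AutoRun for that drive type; 0xFF disables it for every type.
$DriveTypeBits = @(
    @{ Name = 'Unknown';       Bit = 0x01 },
    @{ Name = 'Removable/USB'; Bit = 0x04 },
    @{ Name = 'Fixed disk';    Bit = 0x08 },
    @{ Name = 'Network share'; Bit = 0x10 },
    @{ Name = 'CD-ROM';        Bit = 0x20 },
    @{ Name = 'RAM disk';      Bit = 0x40 },
    @{ Name = 'Reserved';      Bit = 0x80 }
)
$PolicyKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutoRunExposure {
    # Returns the drive types for which AutoRun is still ENABLED under $Mask.
    param([Parameter(Mandatory = $true)][int]$Mask)
    $DriveTypeBits | Where-Object { ($Mask -band $_.Bit) -eq 0 } |
        ForEach-Object { $_.Name }
}

function Test-AutoRunPolicy {
    # Hypothetical helper name. -Remediate writes 0xFF to HKLM (needs admin).
    param([switch]$Remediate)
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $path = '{0}\{1}' -f $hive, $PolicyKey
        $prop = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            Write-Output "$path : value not set, OS default applies"
            continue
        }
        $raw = $prop.NoDriveTypeAutoRun
        # Handled defensively in case the value was written as REG_BINARY.
        if ($raw -is [byte[]]) { $raw = $raw[0] }
        $mask = [int]$raw
        $open = @(Get-AutoRunExposure -Mask $mask)
        if ($open.Count -eq 0) {
            Write-Output ('{0} : 0x{1:X2} AutoRun disabled for all drive types' -f $path, $mask)
        } else {
            Write-Output ('{0} : 0x{1:X2} AutoRun still enabled for: {2}' -f $path, $mask, ($open -join ', '))
        }
    }
    if ($Remediate) {
        $path = 'HKLM:\{0}' -f $PolicyKey
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
    }
}

Test-AutoRunPolicy
```

A report line listing "Removable/USB" or "Network share" means the two AutoRun paths named above are still open on that machine.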
http://cid-8bebe03ce418570a.skydrive.live.com/browse.aspx/.res/8BEBE03CE418570A!699
May the forces of Good help you...
Isvet Laclaustra