Wednesday, December 22, 2010

Conficker Worm: How to remove it and protect your systems

If you are a technical user, you can follow these steps:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Other customers can follow these steps to remove W32/Conficker.worm and prevent it from spreading:
   1. Install Microsoft Security Update MS08-067: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
   2. Clean the infected systems, and reboot.
      Use anti-malware solutions such as McAfee VirusScan Plus or ToPS for Endpoint to clean the infection. Use behavioral detection techniques like the buffer overflow protection in Host IPS to prevent future infections. This is important because Conficker can propagate via portable media such as infected USB drives. As the media are accessed, the system processes autorun.inf and executes the attack. For more information, read the McAfee Labs document “Combating Conficker Worm.”
   3. Identify other systems at risk of infection
      You need to identify which systems are at risk. The list includes systems that either are not patched against Microsoft vulnerability MS08-067 or do not have proactive protection controls to mitigate the vulnerability. McAfee Vulnerability Manager and ePolicy Orchestrator can identify systems that are vulnerable and not protected.
   4. Limit the threat’s ability to propagate
      Using network IPS at strategic points in your network will quickly limit the ability of the threat to spread. This gives you time to either update your client anti-virus signatures or modify policies to block the threat using the behavioral controls.
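
Step 2 notes that Windows processes autorun.inf when portable media are accessed. The Python below is an added example, not part of the original post or of any vendor tool: it lists the entries in an autorun.inf that would launch a program, so a file copied from removable media can be triaged before the media is used. The function name and both sample files are constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def autorun_commands(raw: bytes) -> list[tuple[str, str]]:
    """Return (key, command) pairs that an autorun.inf would execute.

    Lines that are neither a section header nor 'key=value' are skipped,
    so padding or binary junk around the real entries does not hide them.
    """
    text = raw.decode("latin-1")  # maps every byte, so decoding never fails
    section = None
    found = []
    for line in re.split(r"[\r\n]+", text):
        line = line.strip(" \t\x00")
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEYS.match(key) and value:
            found.append((key.lower(), value))
    return found

# Constructed samples (not taken from a real infection).
SAMPLE_BENIGN = b"[autorun]\r\nlabel=Backup Drive\r\nicon=drive.ico\r\n"
SAMPLE_LAUNCHER = (
    b"\x8f\x02junk\x11\r\n"
    b"[AutoRun]\r\n"
    b";padding padding\r\n"
    b"label=Photos\r\n"
    b"shellexecute=tool.exe /quiet\r\n"
    b"shell\\open\\command=setup.exe\r\n"
)

if __name__ == "__main__":
    for name, blob in (("benign", SAMPLE_BENIGN), ("launcher", SAMPLE_LAUNCHER)):
        hits = autorun_commands(blob)
        print(name, "->", hits if hits else "no launch entries")
```

Any non-empty result means the media would try to start a program when accessed on a system that still honors autorun.inf, and the file it names should be scanned before the media is opened.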

Reference:
http://www.mcafee.com/us/threat-center/conficker.aspx
http://www.microsoft.com/security/worms/conficker.aspx
