Known as Conficker, Downadup, and Kido by many anti-virus programs, this virus spread by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability. It was discovered on November 21, 2008.
I have encountered flash drives being infected by this nasty virus. Although this can be removed by many anti-virus programs that have updated anti-virus definitions, a computer without anti-virus programs installed is very difficult to revive. In our company, we even resort to formatting the whole hard drive if the infection is very severe.
Recommendations:
- Use a firewall to block incoming Internet connections.
- Enforce a password policy.
- Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task.
- Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives.
- Turn off file sharing if not needed.
- Turn off and remove unnecessary services.
- Update your anti-virus definitions and OS every day.
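
One way to check the AutoPlay recommendation above on a Windows machine, as an added example that is not part of the original post: it reads the `NoDriveTypeAutoRun` policy value and reports whether AutoRun is disabled for removable and network drives. The function names and the sample mask `0x91` are constructed for illustration.

```powershell
# Added example: audit the AutoRun policy bitmask (NoDriveTypeAutoRun).
# Function names are illustrative, not from the original post.
$PolicyKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$DriveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown' },
    @{ Bit = 0x04; Name = 'Removable' },
    @{ Bit = 0x08; Name = 'Fixed' },
    @{ Bit = 0x10; Name = 'Network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x80; Name = 'Reserved' }
)
$Required = 0x04 -bor 0x10   # removable + network, the two the recommendation names

# Decode a mask into the drive types for which it disables AutoRun.
function ConvertFrom-AutoRunMask {
    param([Parameter(Mandatory)][int]$Mask)
    [pscustomobject]@{
        Mask      = '0x{0:X2}' -f $Mask
        Disabled  = @($DriveTypes | Where-Object { $Mask -band $_.Bit } | ForEach-Object { $_.Name })
        Compliant = (($Mask -band $Required) -eq $Required)
    }
}

# Read the policy from both hives. A missing value means the OS default applies,
# so compliance is reported as unknown ($null) rather than guessed.
function Get-AutoRunPolicy {
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $item = Get-ItemProperty -Path "$hive\$PolicyKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            [pscustomobject]@{ Hive = $hive; Mask = 'not set'; Disabled = @(); Compliant = $null }
        } else {
            ConvertFrom-AutoRunMask -Mask $item.NoDriveTypeAutoRun |
                Add-Member -NotePropertyName Hive -NotePropertyValue $hive -PassThru
        }
    }
}

# Disable AutoRun on every drive type (0xFF). Requires an elevated session.
function Set-AutoRunDisabled {
    $path = "HKLM:\$PolicyKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

# Constructed sample: 0x91 covers network drives but leaves removable drives enabled.
ConvertFrom-AutoRunMask -Mask 0x91 | Format-List
Get-AutoRunPolicy | Format-Table Hive, Mask, Compliant, Disabled
```

`Set-AutoRunDisabled` is defined but not called; run it from an elevated prompt only after reviewing the audit output.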