I got this information and thought it worth sharing with you.
Anybody a victim, or is it just one of those "Y2K" kind of stuff?
Mburu
---------- Forwarded message ----------
From: Welcome to Business Information Technology .or.ke <kkimson(a)gmail.com>
Date: 2009/4/3
Subject: Business Information Technology (bit.or.ke)
To: solo.mburu(a)gmail.com
Business Information Technology (bit.or.ke) <http://www.bit.or.ke/index.php?option=com_content&view=frontpage>
How to Protect yourself from the Conficker computer worm <http://feedproxy.google.com/%7Er/WelcomeToBusinessInformationTechnologyorke…>
Posted: 02 Apr 2009 07:16 AM PDT
Lately we have seen lots of media coverage on how the Conficker worm is
going to cause havoc on April 1. The Conficker worm, formally named
W32/Conficker.worm, started infecting systems late last year by exploiting a
vulnerability in Microsoft Windows. Since then we have seen a couple of
variants of this worm and lots of binaries that carry this malicious
payload. Conficker.C is the latest variant; it will change the behavior of
its “call-home protocol” on Wednesday, April 1st. Conficker may use this
protocol to update itself to include some as-yet unknown functionality. Some
antivirus companies already offer protection from this worm in their endpoint
and network products. Microsoft has also issued a security update to patch
the vulnerability that the Conficker family has used to propagate. The
following information will give you an overview of the worm, the steps one
can take to clean an infected system, and measures to prevent reinfection.
What is the Conficker worm?
The W32/Conficker worm exploits the MS08-067 vulnerability in Microsoft
Windows Server Service. If the vulnerability is successfully exploited, it
could allow remote code execution when file sharing is enabled. Machines
should be patched and rebooted to protect against this worm’s reinfecting
the system after cleaning, which may require more than one reboot.
* Upon detecting this worm, reboot the system to clean memory correctly. May
require more than one reboot.
* The worm often creates scheduled tasks to reactivate itself.
* The worm often uses autorun.inf files to reactivate itself.
Thousands of binaries that carry this payload have been identified.
Depending on the specific variant, the worm may spread via LAN, WAN, web, or
removable drives and by exploiting weak passwords. Conficker disables
several important system services and security products and downloads
arbitrary files. Computers infected with the worm become part of an army of
compromised computers and could be used to launch attacks on web sites,
distribute spam, host phishing web sites, or carry out other malicious
activities.
Conficker.C is the most recent variant of this worm and is dependent on its
predecessors, the .A and .B variants. Exposure to .C is limited to systems
that are still infected with the earlier variants.
The virus, called Conficker or Downadup, first appeared in November 08 but
has recently become more prevalent, infecting millions of machines by some
estimates. Technically it’s a worm, a kind of malicious software that
automatically spreads itself from computer to computer. The cyber-security
community is up in arms because worms haven’t been an issue for years.
Over the course of the decade, computer hackers shifted their techniques
away from rapidly spreading worms—people will remember worms like “blaster”
and “Melissa” that shut down entire offices for a day or two—towards
targeted snippets of code that are harder to detect. The reason: money.
Worms are basically a big irritant; code that gets past security software
can be used to steal information or make a computer send spam email, both of
which command a big price on the black market.
Microsoft issued a software update that protects computers from Conficker in
October 08. Most anti-virus software will also stop it. The result is that
while Conficker is spreading rapidly, it is mainly doing so in parts of the
world where people haven’t updated their systems. About 29% of infections
are in China, followed by Argentina, Brazil, Russia, and India, according to
Symantec. Many of these countries are among those with the highest rate of
software piracy, which probably isn’t a coincidence. Less than 1% of
infections appear to be in the U.S. according to multiple security
researchers.
Conficker is, by all accounts, a pretty sophisticated piece of
software. According to the Internet Storm Center, which tracks virus
infections and Internet attacks, Conficker can spread in three ways.
First, it attacks a vulnerability in the Microsoft Server service. Computers
without the October patch can be remotely attacked and taken over.
Second, Conficker can attempt to guess or 'brute force' Administrator
passwords used by local networks and spread through network shares.
And third, the worm infects removable devices and network shares with an
autorun file that executes as soon as a USB drive or other infected device
is connected to a victim PC.
Conficker and other worms are typically of most concern to businesses that
don't regularly update the desktops and servers in their networks. Once one
computer in a network is infected, it often has ready access to other
vulnerable computers in that network and can spread rapidly.
Home computers, on the other hand, are usually protected by a firewall and
are less at risk. However, a home network can suffer as well. For example, a
laptop might pick up the worm from a company network and launch attacks at
home.
The most critical and obvious protection is to make sure the Microsoft patch
is applied. Network administrators can also use a blocklist to try and stop
the worm's attempts to connect to Web sites.
And finally, you can disable Autorun so that a PC won't suffer automatic
attack from an infected USB drive or other removable media when it's
connected. The Internet Storm Center links to one method for doing so but
the instructions involve changing the Windows registry and should only be
attempted by administrators or tech experts. Comments under those
instructions also list other potential methods for disabling autorun.
The U.S. Department of Homeland Security released a tool to detect whether
a computer is infected by the Conficker worm.
--
Man is a gregarious animal and enjoys agreement as cows will graze all the
same way to the side of a hill!
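The forwarded article above says the worm reactivates itself through autorun.inf files on removable drives and network shares. As an added example (not part of the original message or the article), this Python sketch audits an autorun.inf for entries that launch a program; the function names and the sample file contents are constructed for illustration.

```python
import os
import re

SECTION = re.compile(r"^\[\s*autorun\s*\]", re.I)
# [autorun] keys that make Windows launch a program from the volume.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def audit_autorun(raw: bytes):
    """Return (key, command) pairs in the [autorun] section that launch a program."""
    findings, in_autorun = [], False
    # latin-1 maps every byte to a character, so padding or binary bytes never raise.
    for line in re.split(r"[\r\n]+", raw.decode("latin-1")):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = bool(SECTION.match(line))
            continue
        if not in_autorun or "=" not in line:
            continue  # other sections and unparsable lines are skipped
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if EXEC_KEYS.match(key) and value:
            findings.append((key.lower(), value))
    return findings

def audit_drive(root: str):
    """Audit autorun.inf at the root of a mounted volume; [] if there is none."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "rb") as handle:
        return audit_autorun(handle.read())

# Constructed sample, not taken from a real infection.
SAMPLE = (
    b"\x01\xfe\x90 padding bytes\r\n"
    b"[Other]\r\nopen=ignored.exe\r\n"
    b"[AutoRun]\r\n"
    b"; comment line\r\n"
    b"icon=drive.ico\r\n"
    b"OPEN = example_dropper.exe\r\n"
    b"\x00\x13 more padding without an equals sign\r\n"
    b"shell\\open\\command=example_dropper.exe /s\r\n"
)

if __name__ == "__main__":
    for key, command in audit_autorun(SAMPLE):
        print(f"autorun.inf launches a program via {key}: {command}")
```

Any finding on a drive that is not known installer media is worth a closer look before the drive is opened on a machine with Autorun still enabled.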
It takes 150,000 acres (66,0000 ha)
in Turkana to produce 30% of the country's electricity requirements
from wind only. If you don't believe me check out
www.laketurkanawindpower.com.
They are in the process of putting up 326 wind turbines and 425 km of
powerlines. My only beef is that it's taken Dutch tourists to harness
the resources in our own backyard right under our noses.
If I was to go mathematical doesn't this mean with an additional 45k
acres we can double our energy output currently standing at 1000 Mw?
And from renewable source; green power!
--
David Kiania
[Asentric Consulting Ltd]
If a man has in himself the soul of a slave will he not become one no
matter what his birth ....
-Richest Man in Babylon
WhereCamp Africa is now in session.
You can follow on Twitter: #WhereCampAfrica or #wcafrica
Live blogging: http://silcsolutions.com/Liveblog.aspx
--
Regards,
Martin Kamau
Hi All,
Welcome back. Please remember to update your address books.
Old Address: skunkworks(a)my.co.ke
New Address: skunkworks(a)lists.my.co.ke
A vcf has been attached.
On Fri, 2009-04-03 at 19:22 +0300, skunkworks-request(a)lists.my.co.ke
wrote:
> Hi,
> Welcome back to the skunkworks list. We had an un-anticipated outage (that is yet to be resolved). Due to this, we have moved the list to another box and resubscribed you...
> Please have a look at http://my.co.ke for a bunch of other services available.
>
> Sorry for the inconvenience..
>
> Regards,
> Admin
>
> Welcome to the Skunkworks(a)lists.my.co.ke mailing list!
>
> To post to this list, send your email to:
>
> skunkworks(a)lists.my.co.ke
>
> General information about the mailing list is at:
>
> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>
> If you ever want to unsubscribe or change your options (eg, switch to
> or from digest mode, change your password, etc.), visit your
> subscription page at:
>
> http://lists.my.co.ke/cgi-bin/mailman/options/skunkworks/lmwangi%40gmail.com
>
>
> You can also make such adjustments via email by sending a message to:
>
> Skunkworks-request(a)lists.my.co.ke
>
> with the word `help' in the subject or body (don't include the
> quotes), and you will get back a message with instructions.
>
> You must know your password to change your options (including changing
> the password, itself) or to unsubscribe. It is:
>
> boeccaek
>
> Normally, Mailman will remind you of your lists.my.co.ke mailing list
> passwords once every month, although you can disable this if you
> prefer. This reminder will also include instructions on how to
> unsubscribe or change your account options. There is also a button on
> your options page that will email your current password to you.
Regards,
--
Laban Mwangi
Systems Analyst
Penguin Labs Ltd
Tel: (+254)20 4211777
Tel: (+254)20 3592272
Mobile: (+254)735 823856
GPG Key:AE3E905F
website:www.penguinlabs.co.ke