
Re: analysis of the Conficker worm ..

____/ Doug Mentohl on Monday 23 February 2009 15:50 : \____

> Conficker is one of a new interesting breed of self-updating worms that
> has drawn much attention recently from those who track malware ..
> 
> The exploit employs a specially crafted remote procedure call (RPC) over
> port 445/TCP, which can cause Windows 2000, XP, 2003 servers, and Vista
> to execute an arbitrary code segment without authentication.  The
> exploit can affect systems with firewalls enabled, but which operate
> with print and file sharing enabled ...
> 
> Conficker .. checks for the presence of a firewall.  If a firewall
> exists, the agent sends a UPNP message to open a local random high-order
> port ..
> 
> Next, it opens the same high-order port on its local host .. This
> backdoor is used during propagation, to allow newly infected victims to
> retrieve the Conficker binary.
> 
> http://mtc.sri.com/Conficker/
> 
> What is XML-RPC? It's a spec and a set of implementations that allow
> software running on disparate operating systems, running in different
> environments to make procedure calls over the Internet.
> 
> http://www.xmlrpc.com/
> 
> I am very suspicious of tools that allow you to bypass network security
> systems. Yes, they make life easier. But if security is important, then
> all security decisions should be made by a central process; tools that
> bypass that centrality are very risky ...
> 
> http://www.schneier.com/blog/archives/2005/07/microsoft_build.html

Conficker already has undetectable siblings (variants). We're only seeing the
beginning of this saga and amid meltdown, the last thing businesses and
hospitals need is to become a sub-botnet.

-- 
                ~~ Best of wishes

Roy S. Schestowitz      | Gas, brake, honk! Honk, honk, punch! Gas, gas!
http://Schestowitz.com  |  Open Prospects   |     PGP-Key: 0x74572E8E
Tasks: 140 total,   1 running, 139 sleeping,   0 stopped,   0 zombie
      http://iuron.com - knowledge engine, not a search engine
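As an added example, not part of this thread or of the SRI report it quotes: a small Python detector that scans UPnP IGD AddPortMapping requests, as a gateway or IDS might log them, for the behaviour described above, a host asking the gateway to forward a high-order port straight back to itself. It also flags mappings that expose port 445, the RPC port named in the quote. The three sample requests, hosts, ports and descriptions are constructed for the example.

```python
import re

# Constructed sample: three AddPortMapping SOAP bodies as an IGD gateway might log them,
# as (requesting host, body). Hosts, ports and descriptions are made up for this example.
ADD_PM = '<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
SAMPLE_REQUESTS = [
    ("10.0.0.23", ADD_PM + "<NewExternalPort>51243</NewExternalPort><NewProtocol>TCP</NewProtocol>"
     "<NewInternalPort>51243</NewInternalPort><NewInternalClient>10.0.0.23</NewInternalClient>"
     "<NewPortMappingDescription></NewPortMappingDescription></u:AddPortMapping>"),
    ("10.0.0.40", ADD_PM + "<NewExternalPort>8080</NewExternalPort><NewProtocol>TCP</NewProtocol>"
     "<NewInternalPort>80</NewInternalPort><NewInternalClient>10.0.0.40</NewInternalClient>"
     "<NewPortMappingDescription>Home web server</NewPortMappingDescription></u:AddPortMapping>"),
    ("10.0.0.55", ADD_PM + "<NewExternalPort>445</NewExternalPort><NewProtocol>TCP</NewProtocol>"
     "<NewInternalPort>445</NewInternalPort><NewInternalClient>10.0.0.55</NewInternalClient>"
     "<NewPortMappingDescription>file sharing</NewPortMappingDescription></u:AddPortMapping>"),
]

# Matches each <NewX>value</NewX> argument of the SOAP call.
_FIELD = re.compile(r"<(New\w+)>([^<]*)</\1>")

def parse_add_port_mapping(body):
    """Return the New* arguments of an AddPortMapping body as a dict, or None if it is not one."""
    if "AddPortMapping" not in body:
        return None
    return {name: value.strip() for name, value in _FIELD.findall(body)}

def assess_mapping(requester, mapping):
    """List the reasons a mapping looks like a self-opened listener; empty if it looks benign."""
    reasons = []
    internal = int(mapping.get("NewInternalPort", 0))
    external = int(mapping.get("NewExternalPort", 0))
    target = mapping.get("NewInternalClient", "")
    # The quoted behaviour: the requesting host maps a high-order port back to itself.
    if target == requester and internal >= 1024 and internal == external:
        reasons.append("high-order port forwarded straight back to the requesting host")
    if not mapping.get("NewPortMappingDescription"):
        reasons.append("empty mapping description")
    if 445 in (internal, external):
        reasons.append("exposes SMB/RPC port 445 to the outside")
    return reasons

def suspicious_mappings(requests):
    """Return (requester, internal port, reasons) for every mapping worth an analyst's look."""
    findings = []
    for requester, body in requests:
        mapping = parse_add_port_mapping(body)
        if mapping:
            reasons = assess_mapping(requester, mapping)
            if reasons:
                findings.append((requester, int(mapping["NewInternalPort"]), reasons))
    return findings
```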
