[Owasp-singapore] FW: WORM_Downad.KK - Activates on April Fool's Day

Rick Zhong rick.zhong at gmail.com
Mon Mar 30 04:31:26 EDT 2009


Tighten your seatbelt, sit back and relax !!! LOL

Anyway here is an interesting Q&A article on this Conficker & April
fool's day thingy:

http://www.securityfocus.com/blogs/1802


regards,
Rick



2009/3/30 spawn of soul calibur <ruel555 at hotmail.com>:
> Hi All,
>
> Just want to check what measures your company has taken to address this?
> Thanks!
>
> Regards,
> Ruel
>
>
> ----- Forwarded Message ----
> From: Trend Micro APAC <info at newsletters.trendmicro.com>
> To: ruel555 at yahoo.com
> Sent: Wednesday, March 25, 2009 4:42:44 PM
> Subject: WORM_Downad.KK - Activates on April Fool's Day
>
>
>
> WORM_Downad.KK – Activates on April Fool’s Day
> March 23, 2009
>
> Dear customers,
>
> Trend Micro would like to caution about a possible widespread infection on
> April Fool’s day. Please read the details and recommended actions below for
> your information.
>
> Details
> Worm_downad had infected more than 15 million computers, making it one of
> the widespread infections in recent times.
>
> A new variant of worm_downad (aka Conficker) is expected to be launched on
> April Fool’s day.
> Trend Micro detects this new variant as worm_downad.kk.  More information
> can be found at
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOWNAD.KK&VSect=T.
> Trend Micro detects this malware starting with pattern file 5.885.00.
>
> Compared to the old variants, worm_downad.kk is more sophisticated.  Here
> are a few of the payloads:
>
> * Connects to various time servers to determine the current date and time.
> * Registers itself as a system service to ensure auto execution at every
>   startup.
> * Deletes a registry key to prevent system startup in safe mode.
> * Terminates security-related processes (i.e. procexp, regmon, autoruns, gmer
>   etc.)
> * Blocks access to security and antivirus websites.
> * Generates 50,000 malicious URLs and attempts to connect to around 500
>   randomly generated URLs at a time.
>
> _________________________________________________________________________________
> Recommended Action
>
> * Enable Web Threat Protection
> * Make sure that you have the latest virus definitions (at least pattern file
>   5.885.00)
> * Run a FULL system scan to ensure that malware does not exist on your PC
>
> Recommended Actions from External Sources
>
> How to protect against internet threats when you surf online?
> How to protect against threats when accessing Webmail?
>
>
> Best regards,
> Trend Micro APAC team
>
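The last payload item in the forwarded newsletter (many generated URLs, tried in batches) should show up in resolver logs as one client looking up many distinct names in a short time. The Python below is an added example, not part of the thread or of Trend Micro's advisory; it flags that pattern on the assumption that most generated names are unregistered and answer NXDOMAIN, and its log format, thresholds, addresses and sample lines are all constructed.

```python
from collections import defaultdict, deque

# Assumed values; tune them to the resolver's normal baseline.
WINDOW_SECONDS = 60   # look-back window per client
MIN_DISTINCT = 30     # distinct names inside the window
MIN_NX_RATIO = 0.8    # share of lookups in the window answered NXDOMAIN

def parse(line):
    """Split one constructed log line: '<epoch> <client> <qname> <rcode>'."""
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.lower().rstrip("."), rcode

def find_lookup_bursts(lines):
    """Return {client: timestamp at which the burst rule first fired}."""
    recent = defaultdict(deque)  # client -> (ts, qname, rcode) inside the window
    flagged = {}
    for line in lines:
        ts, client, qname, rcode = parse(line)
        window = recent[client]
        window.append((ts, qname, rcode))
        while window[0][0] <= ts - WINDOW_SECONDS:
            window.popleft()  # drop lookups older than the window
        distinct = {q for _, q, _ in window}
        failed = sum(1 for _, _, r in window if r == "NXDOMAIN")
        if (client not in flagged and len(distinct) >= MIN_DISTINCT
                and failed / len(window) >= MIN_NX_RATIO):
            flagged[client] = ts
    return flagged

def constructed_log():
    """Constructed sample data (not real traffic), sorted by time."""
    rows = []
    for i in range(12):   # ordinary browsing: few names, all resolve
        name = ("www", "mail", "intranet")[i % 3] + ".example.com"
        rows.append((1000 + i * 20, "10.0.0.5", name, "NOERROR"))
    for i in range(40):   # many distinct names that resolve, e.g. a proxy
        rows.append((1100 + i, "10.0.0.7", f"site{i:03d}.example.net", "NOERROR"))
    for i in range(40):   # many distinct names, nine in ten unresolvable
        rcode = "NOERROR" if i % 10 == 0 else "NXDOMAIN"
        rows.append((1100 + i, "10.0.0.9", f"name{i:03d}.invalid", rcode))
    return [f"{ts} {c} {q} {r}" for ts, c, q, r in sorted(rows)]

if __name__ == "__main__":
    for client, ts in find_lookup_bursts(constructed_log()).items():
        print(f"{client}: lookup burst at t={ts}")
```

Only 10.0.0.9 is flagged: 10.0.0.7 also asks for many distinct names, but they resolve, so the failure ratio keeps it below the rule.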

