The Conficker/DOWNAD worm uses a domain generation algorithm (DGA) to locate servers from which it downloads other malware onto infected systems. It blocks user access to antivirus-related sites, propagates via removable drives, network shares, and peer-to-peer (P2P) networks, and drops an Autorun.inf file on the available hard drives.
Symptoms:
The signs of a Conficker/DOWNAD infection include the following:
- High port 445 traffic
- Presence of randomly named entries for netsvcs in HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost
- Subsequent connection to various URLs
- Existence of an AUTORUN.INF file on drives
- Existence of a file named x in the system directory or C:
- Existence of an unknown scheduled task at a particular time
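The following triage script is an added example, not code from the original page or from any vendor fixtool. It turns three of the host-based symptoms above into checks a responder can run: it compares the `netsvcs` service-group list against a known-good baseline and tags unknown entries that look randomly named, and it looks for AUTORUN.INF in drive roots and for a file named `x` in a drive root or the system directory. The inputs are constructed in-line so the script runs offline on any OS; on a live Windows host the `netsvcs` list would come from the `HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost` key named above, and the roots from the mounted drives. The baseline set is abbreviated and the "random-looking" heuristic is an assumption of this example, not a vendor signature.

```python
"""Host triage checks for the DOWNAD/Conficker symptoms listed above.
Added example; not part of the original page. All inputs are constructed."""
from __future__ import annotations

import os
import re
import tempfile

# Abbreviated baseline of the netsvcs REG_MULTI_SZ value on a clean Windows XP host.
# Constructed for the example; take a real baseline from a known-good build.
NETSVCS_BASELINE = frozenset({
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP", "ERSvc",
    "EventSystem", "HidServ", "LanmanServer", "LanmanWorkstation", "Netman", "Nla",
    "Rasauto", "Rasman", "Schedule", "Seclogon", "SENS", "Sharedaccess", "SRService",
    "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi", "winmgmt", "wscsvc",
    "xmlprov", "BITS", "wuauserv",
})

# Heuristic (an assumption of this example): a letters-only name with very few vowels
# or a run of four or more consonants is treated as "random-looking".
_CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{4,}", re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Cheap randomness heuristic for service-group names."""
    if not name.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in name.lower())
    return vowels / len(name) < 0.25 or bool(_CONSONANT_RUN.search(name))


def find_unknown_netsvcs(netsvcs: list[str],
                         baseline: frozenset[str] = NETSVCS_BASELINE) -> list[dict]:
    """Return netsvcs entries absent from the baseline (case-insensitive),
    each tagged with whether the name looks randomly generated."""
    known = {n.lower() for n in baseline}
    return [{"name": n, "random_looking": looks_random(n)}
            for n in netsvcs if n.lower() not in known]


def _entries(directory: str) -> dict[str, str]:
    """Map lower-cased entry names to their real names; empty if unreadable."""
    try:
        return {n.lower(): n for n in os.listdir(directory)}
    except OSError:
        return {}


def scan_roots(roots: list[str], system_dir: str) -> dict[str, list[str]]:
    """Look for AUTORUN.INF in each drive root and for a file named 'x' in a root
    or in the system directory. Returns path -> list of indicator descriptions."""
    hits: dict[str, list[str]] = {}
    for root in roots:
        names = _entries(root)
        found = []
        if "autorun.inf" in names:
            found.append("AUTORUN.INF present")
        if "x" in names and os.path.isfile(os.path.join(root, names["x"])):
            found.append("file named x present")
        if found:
            hits[root] = found
    sys_names = _entries(system_dir)
    if "x" in sys_names and os.path.isfile(os.path.join(system_dir, sys_names["x"])):
        hits.setdefault(system_dir, []).append("file named x present")
    return hits


def demo() -> dict:
    """Build a constructed host layout in a temp dir and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        drive_d = os.path.join(tmp, "D")
        system32 = os.path.join(tmp, "system32")
        os.makedirs(drive_d)
        os.makedirs(system32)
        open(os.path.join(drive_d, "Autorun.inf"), "w").close()  # constructed indicator
        open(os.path.join(system32, "x"), "w").close()            # constructed indicator
        # Constructed netsvcs value: baseline members plus one random-looking addition.
        netsvcs = ["6to4", "AppMgmt", "Browser", "CryptSvc", "ofrvdcty", "Schedule"]
        return {"netsvcs": find_unknown_netsvcs(netsvcs),
                "files": scan_roots([drive_d], system32)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Unknown-but-legitimate services (third-party software also registers in `netsvcs`) will show up as unknown with `random_looking` false; the flag is what separates a missing baseline entry from a name worth pulling the associated service binary for.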
How can users get rid of Conficker/DOWNAD system infections?
Users can download, extract, and run the fixtool that we created specifically for this malware from this page. They should then patch their systems with the latest Microsoft updates, or at least apply the specific patch for the vulnerability that this malware exploits. Additional preventive measures:
- Immediately install security patches as soon as vendors release them.
- Disable the Autorun feature on USB drives, particularly in WORM_DOWNAD.AD’s case.
- Use complex passwords on workstations to prevent the brute-force password attacks it launches via scheduled tasks.
- Limit user access to network shares.