Microsoft updates free tool to remove persistent worm

January 14, 2009, 09:26 AM — IDG News Service

Microsoft has updated its free security tool to remove a persistent worm that is targeting a now-patched but severe vulnerability that affects several server products.

The latest update to the Malicious Software Removal Tool (MSRT) can now remove infections of Conficker, a worm that infects a server and then tries to download other malicious software, according to a company blog.

Conficker targets a flaw in the Windows Server service. Microsoft thought the flaw was so severe that it issued an out-of-cycle patch on Oct. 23 for Windows 2000, XP, Vista, Server 2003 and Server 2008.

Microsoft has observed a new variation of the worm, called Win32/Conficker.B, that has been infecting servers. Systems become infected when a hacker constructs a malicious Remote Procedure Call (RPC) to an unpatched server, which then allows arbitrary code to run on a machine.

Conficker.B uses other methods to spread, including trying to copy itself to other shared network machines by guessing passwords, wrote Cristian Craioveanu and Ziv Mador, on the Microsoft Malware Protection Center blog. It can also spread via removable media.

Conficker uses several tricks to avoid detection. It uses a technique called polymorphism, a mechanism that can use compression and encryption to make the code appear different to antivirus software and more difficult to detect. It also makes its files hard to detect and changes key access rights, Microsoft said.

The outbreak of Conficker.B is mostly affecting customers who are running large networks. Countries with affected systems include the U.S., Mexico, France, Spain, Canada, Italy, Brazil, South Korea, Germany, Malaysia and the Czech Republic, Microsoft said.

The company's MSRT is a simple security tool that scans a PC and can remove some malicious software. It is far short of a full antivirus suite, but Microsoft has invested in supporting the tool to help remove some of the most flagrant and nagging malicious software affecting Windows PCs and servers.

The company is recommending that administrators make the passwords for shared networks stronger and then run an MSRT scan.

Infected computers, however, may not be able to access Windows Update, the built-in update tool for Windows. Microsoft has given instructions for how to download the MSRT with a clean machine and then distribute MSRT.

Comments

Protect and clean your PC.

When searching for an antispyware scanner that will protect and clean your PC it can get a little confusing. There are so many available it’s hard to know which one will work the best. If you’re like me, you’ve probably tried a variety of them all and found they basically all find the same types of bugs. Through my experimenting I’ve found that the antispyware solution from Search-and-destroy at (http://www.Search-and-destroy.com) works the best. Search-and-destroy Antispyware cleans and protects my computer just as good as any scanner, it gets rid of those nasty bugs and it does it all for less than many of the others available.