Friday, March 20, 2009

Worm Attack!

Help!!! My office is under attack! HEEEELP!!
Hahaa, serves us right! Who told us not to patch Windows!
Hmmm... so who's suffering now? Me, of course!! Out of nowhere I'm the one stuck cleaning up this worm..

It all began when our Server 2003 got infected.. honestly I don't know which client brought the worm in.. we figured the AV was strong enough.. so we just let the worm breed on the hospital's Server 2003... hahaha.. we're such kind-hearted people... didn't have the heart to chase the worm away.. felt sorry for them, nobody likes them and they've got nowhere to live.. and if they did, they'd be chased out again tomorrow or the day after anyway..

But ever since it got a room on Server 2003, the worm has become a permanent tenant.. it casually brought its whole extended family into the other clients too.. but like I said, we're generous.. so we let them be.. and then the problem started. The worms began showing their stripes and fighting the landlord.. and our AV turned out to be a coward! All it did was detect and quarantine.. useless!

TARGET: WORM_DOWNAD.A / Win32.Kido.CG / W32.Conficker (one and the same worm under its Trend Micro, Kaspersky and Symantec names)

PROBLEM:

  1. Login accounts in Active Directory (AD) keep getting locked out. Even after you unlock them, they auto-lock again. That's when loads of users started calling to say they couldn't print (through the network printer).
  2. Access to antivirus-related sites gets blocked.
  3. Services like the Windows Automatic Update service get disabled.
  4. High traffic on the affected system's port 445.
  5. Files stay hidden even after changing Folder Options.
*The most obvious one is the accounts getting locked out... I'm worn out from unlocking those accounts.. hehehe...

OUTBREAK:

  1. Network Shares (Brute Force Attack)
    This thing gets into the network through the Windows "Default Share" (ADMIN$, through which it drops a copy of itself into system32) by brute-forcing the administrator password. Haaaa.... THAT's why the user accounts keep getting locked out. Every failed guess counts as a bad password against the domain's account lockout policy, so the worm keeps trying to log in until the account is locked in the domain. **This applies to domain log-ins only!

  2. Removable Drives
    Hmm... the express bus that carried this virus into my server: a USB removable drive. Let me point out that I say "my server" because I'm the one minding the server! hahaha. The virus creates hidden files on the drive, an Autorun.inf in the root and the payload under a RECYCLER folder named after a fake SID:
  • Autorun.inf
  • RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

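Two checks for the OUTBREAK points above, as an added example (this is not code from the original post). First, working out which client is doing the brute-forcing by counting who is behind the account lockouts: Windows Server 2003 records each lockout as Security event 644, whose description carries the locked account and the "Caller Machine Name". Second, spotting the two dropper files on a USB stick. The log lines, host names and account names are constructed for this example, and the export layout (event ID, a tab, then the description text) is an assumption; the RECYCLER path is the one from the post.

```python
"""Conficker outbreak triage: which host is causing the lockouts, and
does a drive carry the two dropper files listed in the post.

Added example, not code from the original post. The log format and the
host/account names below are constructed, not taken from a real network.
"""
import os
import re
from collections import Counter, defaultdict

# Constructed sample of a Security log export, one event per line, as
# "EventID<TAB>Description". Server 2003 logs lockouts as event 644 whose
# description names the locked account and the Caller Machine Name; the
# field labels follow that event, the values are invented.
SAMPLE_SECURITY_LOG = """\
644\tUser Account Locked Out: Target Account Name: ali Caller Machine Name: WS-WARD3-02
528\tSuccessful Logon: User Name: siti Logon Type: 2 Workstation Name: WS-ADMIN-01
644\tUser Account Locked Out: Target Account Name: siti Caller Machine Name: WS-WARD3-02
644\tUser Account Locked Out: Target Account Name: ahmad Caller Machine Name: WS-WARD3-02
644\tUser Account Locked Out: Target Account Name: ali Caller Machine Name: WS-LAB-07
675\tPre-authentication failed: User Name: ali Client Address: 10.1.3.22
644\tUser Account Locked Out: Target Account Name: printer_svc Caller Machine Name: WS-WARD3-02
"""

LOCKOUT_EVENT_ID = "644"
LOCKOUT_RE = re.compile(
    r"Target Account Name:\s*(?P<account>\S+).*?Caller Machine Name:\s*(?P<machine>\S+)"
)


def lockout_sources(log_text):
    """Return ({machine: lockout count}, {machine: set of locked accounts}).

    A host that locks out many *different* accounts is the brute-forcing
    worm, not a user mistyping one password: the worm runs its password
    list against account after account, and each burst of bad guesses
    trips the domain lockout policy for that account.
    """
    counts = Counter()
    accounts = defaultdict(set)
    for line in log_text.splitlines():
        event_id, _, description = line.partition("\t")
        if event_id != LOCKOUT_EVENT_ID:
            continue
        m = LOCKOUT_RE.search(description)
        if not m:
            continue
        counts[m["machine"]] += 1
        accounts[m["machine"]].add(m["account"])
    return counts, accounts


def likely_infected_hosts(log_text, min_accounts=3):
    """Machines that locked out at least `min_accounts` distinct accounts,
    busiest first. The threshold is an arbitrary choice for this example."""
    counts, accounts = lockout_sources(log_text)
    hosts = [m for m, accs in accounts.items() if len(accs) >= min_accounts]
    return sorted(hosts, key=lambda m: counts[m], reverse=True)


# The two dropper files the post lists on an infected removable drive:
# an autorun.inf in the root, and the payload under a RECYCLER directory
# named after a fake SID, carrying a .vmx extension to look harmless.
DROPPER_PATHS = (
    re.compile(r"^autorun\.inf$", re.I),
    re.compile(
        r"^RECYCLER[\\/]S-5-3-42-2819952290-8240758988-879315005-3665[\\/]jwgkvsq\.vmx$",
        re.I,
    ),
)


def dropper_hits(relative_paths):
    """Filter drive-relative paths down to the known dropper files."""
    hits = []
    for p in relative_paths:
        norm = p.strip().lstrip("\\/")
        if any(rx.match(norm) for rx in DROPPER_PATHS):
            hits.append(norm)
    return hits


def scan_drive(root):
    """Walk a mounted drive (e.g. 'E:\\') and return any dropper paths on it.
    os.walk lists hidden files too, so the worm's hidden attribute is no help."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            found.append(os.path.relpath(os.path.join(dirpath, name), root))
    return dropper_hits(found)


if __name__ == "__main__":
    counts, accounts = lockout_sources(SAMPLE_SECURITY_LOG)
    for machine in likely_infected_hosts(SAMPLE_SECURITY_LOG):
        print(f"{machine}: {counts[machine]} lockouts, accounts {sorted(accounts[machine])}")
    # Constructed listing of a USB stick, as scan_drive() would produce it.
    print(dropper_hits([
        "Autorun.inf",
        "RECYCLER\\S-5-3-42-2819952290-8240758988-879315005-3665\\jwgkvsq.vmx",
        "thesis\\chapter1.doc",
    ]))
```

Export the Security log from the domain controller as text, feed it to lockout_sources(), and go unplug the host at the top of the list first. Unlocking accounts while that host is still on the network is exactly the treadmill described above, and the top host is usually also the one to check for an infected USB stick with scan_drive().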
SOLUTION:

The steps to drive this worm out are as follows:
  1. Disconnect from the network if the PC is still connected.
  2. Turn off System Restore on XP, to avoid re-infection once the worm has been removed.
  3. Boot into Safe Mode if you can.. if not, just go ahead in normal mode.
  4. Update the AV and download the cleaning tool for this thing... I think every AV vendor has released an update and a removal tool for this worm by now.
  5. Finally, once it's removed, please update Windows.. Conficker gets back in through the unpatched Server service hole (MS08-067, the port 445 traffic above), so a cleaned but unpatched box just gets reinfected by the next client that is still carrying it.

That's all.....

2 Comments :

At March 22, 2009 at 8:30 PM , Blogger Hananeechan said...

Ha.. speaking of this, last Thursday in the computer lab, a PC there had some virus, no idea which. But when I plugged in my thumbdrive, every file name got a dot-something added at the end. Forgot dot-what.. when I scanned it, of course it detected them, but it deleted all the infected files.
Doh!
Now there are only 4 files left in it.
=(

All my work in there is gone. T_T

 
At March 23, 2009 at 5:19 PM , Blogger aiManYgCoMeL said...

So clever & macho, man...

 
