Please tell me how to use this doors cleaner..
Does it have to be opened on every PC??
A tutorial if possible..

Total newbie here, thx

--- On Sat, 17/1/09, Adi Jayanto <[email protected]> wrote:
From: Adi Jayanto <[email protected]>
Subject: [asosiasi-warnet] 3.5 Million++ PCs infected by a Worm. Are you one of them?
To: [email protected], [email protected]
Date: Saturday, 17 January, 2009, 10:24 AM

I have already detected this at several internet cafes. It turns out there are already 3.5 million victims. And AVG just stays silent (as for McAfee, NOD, and Symantec, they all got hit).



Three million hit by Windows worm USB drives, BBC
http://news.bbc.co.uk/2/low/technology/7832652.stm



A worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users. The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008. Although Microsoft released a patch, it has gone on to infect 3.5m machines. Experts warn this figure could be far higher and say users should have up-to-date anti-virus software and install Microsoft's MS08-067 patch.

"Right now, we're seeing hundreds of thousands of [infected] unique IP addresses"
Toni Koivunen, F-Secure



According to Microsoft, the worm works by searching for a Windows executable file called "services.exe" and then becomes part of that code. It then copies itself into the Windows system folder as a random file of a type known as a "dll". It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service. Once the worm is up and running, it creates an HTTP server, resets a machine's System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker's web site.



INFECTED IPs WORLDWIDE

    * China 38,277
    * Brazil 34,814
    * Russia 24,526
    * India 16,497
    * Ukraine 14,767
    * Italy 13,115
    * Argentina 11,675
    * Korea 11,117
    * Romania 8,861
    * United States 3,958
    * United Kingdom 1,789

Source: F-Secure



Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down.

But Conficker does things differently.

Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers' files. On the face of it, tracing this one site is almost impossible. Speaking to the BBC, Kaspersky Lab's security analyst, Eddy Willems, said that a new strain of the worm was complicating matters. "There was a new variant released less than two weeks ago and that's the one causing most of the problems," said Mr Willems. "The replication methods are quite good. It's using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creates new variants through this mechanism."

"Of course, the real problem is that people haven't patched their software. If people do patch their software, they should have little to worry about," he added. Technicians have reverse engineered the worm so they can predict one of the possible domain names. This does not help them pinpoint those who created Downadup, but it does give them the ability to see how many machines are infected. "Right now, we're seeing hundreds of thousands of unique IP addresses connecting to the domains we've registered," F-Secure's Toni Koivunen said in a statement. "We can see them, but we can't disinfect them - that would be seen as unauthorised use." Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.



Detailed information from TechNet:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Remediation:

Windows XP SP2 and SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03&displaylang=en

Windows Vista RTM and SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=18FDFF67-C723-42BD-AC5C-CAC7D8713B21&displaylang=en

WGA is not required to download.



-- 

Adi Jayanto

"I Love Gratis, Gratis is My Life"



-- via archive mail 2009
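
A triage sketch for the registry change the quoted article describes (a DLL with a 5-8 character name in the Windows system folder, run as a service), added here as an example and not part of the original e-mails or the BBC article. It assumes the service points at its DLL through a `ServiceDll` value, and that you have saved `reg query ... /s` text of the Services key from each PC plus one known-clean PC; the sample dumps and the service name `xkqzsvc` are constructed.

```python
import ntpath
import re

# Constructed samples in the shape of `reg query <Services key> /s` text output.
CLEAN_DUMP = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\netman.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\schedsvc.dll
"""
# Constructed infected-looking entry; the service name xkqzsvc is made up.
SUSPECT_DUMP = CLEAN_DUMP + r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xkqzsvc\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\WINDOWS\system32\piftoc.dll
"""

VALUE_RE = re.compile(r"^\s+ServiceDll\s+REG_\w+\s+(.+?)\s*$", re.IGNORECASE)
# Assumption: the "5-8 character name" from the article means 5-8 letters.
NAME_RE = re.compile(r"^[a-z]{5,8}\.dll$")


def service_dlls(dump):
    """Map each registry key in the dump to its ServiceDll path."""
    found, key = {}, None
    for line in dump.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key:
            match = VALUE_RE.match(line)
            if match:
                found[key] = match.group(1)
    return found


def suspicious_services(dump, baseline_dump):
    """Flag system-folder service DLLs with a 5-8 letter name absent from the baseline."""
    known = {ntpath.basename(p).lower() for p in service_dlls(baseline_dump).values()}
    hits = []
    for key, path in service_dlls(dump).items():
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if NAME_RE.match(name) and folder.endswith("\\system32") and name not in known:
            hits.append((key, path))
    return hits


if __name__ == "__main__":
    for key, path in suspicious_services(SUSPECT_DUMP, CLEAN_DUMP):
        print("review:", key, "->", path)
```

A hit is a lead to check by hand, since legitimate software installed after the baseline was taken will also show up.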


      

    
    
        
         
        
        








        


        
        


      
