Wednesday, January 28, 2009

Interesting Conficker Facts

Cleaning Conficker: Keeping Your Network Safe from Windows Worm
www.eweekeurope.co.uk/news/cleaning-conficker--keeping-your-network-safe-from-windows-worm-103
...
As indicated above, Conficker also spreads by copying itself to the ADMIN$ share of the target machine. According to Microsoft, it first tries to use the credentials of the user currently logged on, which will work well in environments where the same user account is used for different computers on the network with full administrative rights. If that fails, the worm uses a list of user accounts on the target machine and tries to connect using each user name and a list of weak passwords.

This can be solved by using strong passwords for any user account or file share on the network.
...
Note: if computer A and computer B have the same password for their local Administrator accounts, Conficker on computer A can use that password to gain access to the ADMIN$ share on computer B.
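
The password-guessing step quoted above leaves a recognisable trail on the target: one source failing network logons against many different accounts in a short time. The following detection sketch is an added example, not code from this blog or the linked articles; it assumes the failures were exported from Windows Security Event ID 4625 (LogonType 3), and the hosts, addresses, account names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real logs): failed network logons reduced to
# (TimeCreated, IpAddress, Computer, TargetUserName).
EVENTS = [
    ("2009-01-28T09:00:01", "10.0.0.23", "FILESRV01", "Administrator"),
    ("2009-01-28T09:00:02", "10.0.0.23", "FILESRV01", "admin"),
    ("2009-01-28T09:00:04", "10.0.0.23", "FILESRV01", "backup"),
    ("2009-01-28T09:00:05", "10.0.0.23", "FILESRV01", "guest"),
    ("2009-01-28T09:00:07", "10.0.0.23", "FILESRV01", "jsmith"),
    ("2009-01-28T09:00:09", "10.0.0.23", "FILESRV01", "svc_sql"),
    # One user mistyping a password: several failures, a single account.
    ("2009-01-28T09:10:00", "10.0.0.40", "FILESRV01", "mjones"),
    ("2009-01-28T09:10:20", "10.0.0.40", "FILESRV01", "mjones"),
    ("2009-01-28T09:10:45", "10.0.0.40", "FILESRV01", "MJones"),
    # Five accounts, but an hour apart each: never inside one window.
    ("2009-01-28T08:00:00", "10.0.0.51", "WS-117", "alice"),
    ("2009-01-28T09:00:00", "10.0.0.51", "WS-117", "bob"),
    ("2009-01-28T10:00:00", "10.0.0.51", "WS-117", "carol"),
    ("2009-01-28T11:00:00", "10.0.0.51", "WS-117", "dave"),
    ("2009-01-28T12:00:00", "10.0.0.51", "WS-117", "erin"),
]

def find_account_sweeps(events, window=timedelta(minutes=5), min_users=5):
    """Return {(source, target): most distinct accounts failed in any window}
    for source/target pairs that reach min_users (assumed thresholds)."""
    by_pair = defaultdict(list)
    for ts, src, host, user in events:
        # Windows account names are case-insensitive, so normalise them.
        by_pair[(src, host)].append((datetime.fromisoformat(ts), user.lower()))
    hits = {}
    for pair, rows in by_pair.items():
        rows.sort()
        start = 0
        for end, (ts, _) in enumerate(rows):
            # Slide the window start forward until it spans <= window.
            while ts - rows[start][0] > window:
                start += 1
            distinct = len({u for _, u in rows[start:end + 1]})
            if distinct >= min_users:
                hits[pair] = max(hits.get(pair, 0), distinct)
    return hits

if __name__ == "__main__":
    for (src, host), n in sorted(find_account_sweeps(EVENTS).items()):
        print(f"{src} -> {host}: failed logons for {n} distinct accounts")
```

A flagged source is a machine to isolate and inspect; the first step in the quote (reusing the logged-on user's credentials) succeeds without failures, so this check only covers the guessing fallback.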

Conficker Worm using Metasploit payload to spread
www.avertlabs.com/research/blog/index.php/2009/01/15/conficker-worm-using-metasploit-payload-to-spread/
