Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 14 January 2009 04:04:55 (GMT) |
| Last updated | 17 January 2009 02:09:00 (GMT) |
| Detected by | Sophos Anti-Virus for Windows, version 7 |
Action

Your options
If you've received an alert, then you have 2 options:
- authorize the file
- send the file to the lab for analysis
Authorize the file if it's from a trusted source.
Send it to the lab for analysis if you:
- do not trust the file
- or believe it to be compromised in some way
To reduce the chance of unwanted detections, Sophos HIPS should be set to 'Alert only' mode for the duration of any software installations. For more information, please read the knowledgebase article about deciding whether to allow or block a file.
Sending a file to the lab?
When you complete the sample submission form, please give a reason for your submission and mention this "HIPS/" detection.
Ensure Windows is fully updated to fix the MS08-067 vulnerability that Sus/Conficker-A uses to spread.
Ensure HIPS and buffer overflow prevention are both turned on and that "alert only" mode is turned off.
Ensure the on-access scanner is turned on and that "on write" scanning is enabled.
Please send all samples of Sus/Conficker-A to Sophos so that they can be analysed. This will help us to improve our detection for the Conficker family of worms.
More Information
Sus/Conficker-A has characteristics similar to Mal/Conficker-A, a worm for the Windows platform.
Sus/Conficker-A spreads over the network by exploiting the MS08-067 Windows Server service vulnerability.
Sus/Conficker-A will attempt to copy itself to the following location:
<System>\<random letters>.dll
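
The drop location above can be used as a triage check on a host. The following PowerShell is an added example, not Sophos code: it lists recently created DLLs in the system directory whose names are letters only and that lack a valid signature. The 30-day window, the signature filter and the `$Since` parameter are assumptions made for illustration; a letters-only name on its own does not indicate infection, and on PowerShell versions that do not resolve catalog signatures many genuine Windows DLLs will report `NotSigned`.

```powershell
# Added triage example (assumptions: 30-day window, signature status as a filter).
param(
    # Only consider files created on or after this date (assumed default).
    [datetime]$Since = (Get-Date).AddDays(-30)
)

# <System> in the write-up, e.g. C:\Windows\System32
$systemDir = [Environment]::SystemDirectory

# -Force includes hidden and system files, which a plain listing would skip.
Get-ChildItem -LiteralPath $systemDir -Filter '*.dll' -Force -ErrorAction SilentlyContinue |
    Where-Object {
        -not $_.PSIsContainer -and
        $_.Extension -eq '.dll' -and          # -Filter can also match longer extensions
        $_.BaseName -match '^[A-Za-z]+$' -and # letters only, as in <random letters>.dll
        $_.CreationTime -ge $Since
    } |
    ForEach-Object {
        $file   = $_
        $status = 'Unreadable'   # kept if the file cannot be opened for checking
        $signer = $null
        try {
            $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction Stop
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        } catch {
            # Access denied or locked file: report it rather than hide it.
        }
        [pscustomobject]@{
            Name       = $file.Name
            Created    = $file.CreationTime
            Attributes = $file.Attributes
            SigStatus  = $status
            Signer     = $signer
        }
    } |
    Where-Object { $_.SigStatus -ne 'Valid' } |   # keep unsigned, invalid and unreadable files
    Sort-Object Created -Descending |
    Format-Table -AutoSize
```

Files the script reports are candidates for submission to the lab as described under Action, not confirmed detections.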

