Conficker B++ is also known as Conficker.worm.gen.b (McAfee speak). Supposedly protection has been available since DAT 5481, with improved detection in the 5510 DAT. However, as our company has been re-infected again this week (along with a number of large corporates who are also McAfee customers), we are finding it hard to trust the info being made available to us.
Well, first, thanks for the reply. I had contacted Avert Labs and their response was the worst I have ever seen. Imagine, a big-time antivirus company tells me that unless I can send a copy of the virus to them they can't say if they have protection against the Conficker worm or its variants, because they don't call the worm Conficker so they won't know what I am talking about lol, I mean are these guys for real :eek: , it's all over the internet and CNN and yet they don't know what the Conficker worm is :eek: and that their software detects it as W32/Conficker.worm.gen.b. http://vil.nai.com/vil/datreadme.aspx?seldatfiles=5510
Well, from what I know the protection is a 2-step approach: we need to have the Windows update and the antivirus and we should be protected. But from what you're saying it appears having the Windows Update + latest DAT with protection is not good enough, as your systems are still getting infected :eek:.
To be protected from Conficker you need at least patch MS08-067 from Microsoft, and to use complex passwords on your shares, because Conficker uses a brute-force attack to infect them.
You also need to block any autorun.inf on your pen drives, because Conficker uses this function to infect all the machines it connects to.
As per McAfee, it's true they need the file, because there are a lot of variants detected as W32/Conficker.worm.gen.b and not all of them are included in actual DATs (because not all of them are detected by McAfee or any other antivirus software).
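
An audit of the mitigations listed in the replies above (MS08-067, AutoRun, password policy), as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later in an elevated session; `Test-ConfickerMitigations` is a hypothetical name, and KB958644 is the update that delivers MS08-067.

```powershell
# Added example (not from the thread). Run elevated: secedit /export needs admin rights.
function Test-ConfickerMitigations {
    # 1. MS08-067 is delivered as KB958644. Get-HotFix lists individually installed
    #    updates only, so a fix that arrived in a service pack or a newer Windows
    #    release is reported as $false here and must be confirmed by OS version.
    $patched = [bool](Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue)

    # 2. NoDriveTypeAutoRun is a bitmask of drive types; 0xFF disables AutoRun on all.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $mask = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $autorunOff = ($null -ne $mask) -and (($mask -band 0xFF) -eq 0xFF)

    # 3. Password policy: export the local security policy and read the values that
    #    decide how well account passwords resist guessing against shares.
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $policy = @{}
    foreach ($line in Get-Content -Path $cfg -ErrorAction SilentlyContinue) {
        if ($line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $policy[$Matches[1]] = $Matches[2] }
    }
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        MS08_067_KB958644   = $patched
        AutoRunOffAllDrives = $autorunOff
        PasswordComplexity  = ($policy['PasswordComplexity'] -eq '1')
        MinPasswordLength   = [int]$policy['MinimumPasswordLength']
    }
}

Test-ConfickerMitigations | Format-List
```

A `$false` in any field marks a host that still relies on DAT detection alone for that infection route.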