4 Replies Latest reply on Feb 27, 2009 8:50 AM by Peter M

    Conficker B++

      We are currently using Mcafee Virus Scan 8.7i enterprise (.dat file version 5536.0000) in our environment and have patched our Windows Server and updated our virus dat files to protect against the Conflicker virus. We have recently seen that a new variant, dubbed Conficker B++, has been unleashed unto the internet and have the following questions.


      1) Is Mcafee aware of this new variant? (Conficker B++)
      2) If Yes,
      a) Have new .dat files been issued to protect against this?
      b) When was this dat incorporated into a full dat file release?
      c) what version was it incorporated into?
      d) And does our current .dat file version 5536.0000 protect us against this?


      Can anyone advise on this? Have not seen anything on the forums about this new threat:confused:

      Moved to Desktop & Server (Corporate) for better service - MOD
        • 1. RE: Conficker B++
          Conficker B++null is also known as Conficker.worm.gen.b (McAfee speak). Supposedly protection has been available since DAT 5481, with improved detection in the 5510 DAT. However, as our company has been re-infected again this week (along with a number of large corporates who are also McAfee customers), we are finding it hard to trust the info being made available to us.
          • 2. RE: Conficker B++
            Well first thanks for the reply. I had contacted Avert labs and they response was the worst I have ever seen. Imagine a big time Anti virus company tells me that unless I can send a copy of the virus to them they cant say if they have protection against the conflicker worm or its variants because they don,t call the worm conflicker so they wont know what I am talking about lol, I mean are these guys for real :eek: , its all over the internet and cnn and yet they don't know what conflicker worm is :eek: and that their software detects it as W32/Conficker.worm.gen.b. http://vil.nai.com/vil/datreadme.aspx?seldatfiles=5510

            Well from what I know the protection is a 2 step approach , we need to have the windows update and the anti virus and we should be protected. But from what your saying it appears having the WindowsUpdate+Latest dat with protection is not good enough as your systems are still getting infected :eek:.
            • 3. RE: Conficker B++
              Laszlo G
              For beeing prevented from confiker you need at least patch MS08-067 from Microsoft and using complex passwords in you shares because confiker uses brute-force attack for infecting them.

              You also need to block any autorun.inf in your pendrives because confiker uses this function to infect all the machines it connects to.

              As per McAfee it's true they need the file because there are a lot of variants detected as W32/Conficker.worm.gen.b and not all of them are included in actual DAT's (because not all of them are detected by McAfee or any other antivirus software)