BitDefender Client Standard
Format string vulnerability Certain strings inserted in the scanning settings will be processed when the log is created. This vulnerability affects BitDefender Client Professional Plus build 8.02.
BitDefender releases the Downadup removal toolShort description of the Downadup/Conficker/Kido behaviour:
1. It creates files autorun.inf and RECYCLED\{SID<....>}\RANDOM_NAME.vmx on removable drives and on public network shares
2. It stores itself in the system as a DLL-file with a random name in c:\windows\system32\
3. It registers itself in system services with a random name, creating the following service:
Name: netsvcs
ImagePath: %SystemRoot%\\system32\\svchost.exe -k netsvcs
Then the worm creates the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsvcs\Parameters\"ServiceDll" = "[PathToWorm]"
4. The worm deletes any user-created System Restore points.
5. It tries to attack network computers via random ports, using Microsoft Windows vulnerability MS08-067. The worm then creates a http server on the compromised computer on a random port, for example:
http://[EXTERNAL IP ADDRESS OF INFECTED MACHINE]:[RANDOM PORT]
6. Upon successful exploitation, the other computer will then connect to this URL and download the worm spreading the infection.
7. Downadup then contacts several domains and tries to download additional files onto the compromised computer.
How to obtain a product's exact versionThis article aims to describe the proper way to obtain the exact version of a BitDefender Business product.
Showing articles from 11 to 13 of 13
Page 1 Page 2