It is locking out unique userids that haven't logged on to the machines in question, ever. I can only assume it must be querying the directory in some way.

On 23 February 2011 18:50, Micheal Espinola Jr <[email protected]> wrote:

> It attempts to brute-force common accounts with common passwords as a
> method of authentication in order to spread. Are you seeing something that
> you would consider /unique/ to your domain?
>
> I wasn't aware that it would try to attack unique accounts based on locally
> cached information, but it certainly wouldn't be a far stretch for
> what downadup can otherwise do.
>
> --
> ME2
>
> On Wed, Feb 23, 2011 at 9:26 AM, James Rankin <[email protected]> wrote:
>
>> Right, for my sins I appear to be stuck in the middle of a Conficker
>> outbreak. I'm not here to advise about security, but five minutes into
>> outbreak and the glaring hole of Autoplay being enabled is clearly how this
>> thing is propagating, and they've been told. Fools - they are in the process
>> of learning the hard way.
>>
>> I avoided Conficker in my last few roles thanks to good security
>> practices, there's one question I can't work out from the Conficker
>> write-ups though. How does this thing get its list of accounts to attack?
>> We have accounts locking out right left and centre, but they are clearly not
>> just accounts that have previously logged on to the local machine. Does
>> anyone know if this little beastie queries Active Directory in some way?
>>
>> TIA,
>>
>> JRR
>>
>> --
>> "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
>> the machine wrong figures, will the right answers come out?' I am not able
>> rightly to apprehend the kind of confusion of ideas that could provoke such
>> a question."
>>
>> *IMPORTANT: This email is intended for the use of the individual
>> addressee(s) named above and may contain information that is confidential,
>> privileged or unsuitable for overly sensitive persons with low self-esteem,
>> no sense of humour or irrational religious beliefs. If you are not the
>> intended recipient, any dissemination, distribution or copying of this email
>> is not authorised (either explicitly or implicitly) and constitutes an
>> irritating social faux pas.
>>
>> Unless the word absquatulation has been used in its correct context
>> somewhere other than in this warning, it does not have any legal or no
>> grammatical use and may be ignored. No animals were harmed in the
>> transmission of this email, although the kelpie next door is living on
>> borrowed time, let me tell you. Those of you with an overwhelming fear of
>> the unknown will be gratified to learn that there is no hidden message
>> revealed by reading this warning backwards, so just ignore that Alert Notice
>> from Microsoft.
>>
>> However, by pouring a complete circle of salt around yourself and your
>> computer you can ensure that no harm befalls you and your pets. If you have
>> received this email in error, please add some nutmeg and egg whites, whisk
>> and place in a warm oven for 40 minutes.*
