Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Is Downadup or Conficker Detected by the AV Engine on ScreenOS?

0

0

Article ID: KB13254 KB Last Updated: 31 Mar 2009Version: 3.0
Summary:
Downadup, also known as Conficker (sometimes mis-spelled as Conflicker), is a worm that propagates on local and network drives by taking advantage of Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability. 
Symptoms:
Do Juniper firewalls with the proper AV license protect agains this malware?
Solution:
The Downadup/Conflicker malware/worm (including the detection of the Net-Worm.Win32.Kido (conficker.c)) is included in the Juniper Full AV Database, supported on all SSG platforms with the av_v2 license key installed. 

It is also recommended, if you haven't already done so, to install the Microsoft patch MS08-067, which protects the server against the source of the malware/worm.

Note:  The AV engine will detect incoming signatures that match the conficker/downadup/kido worm, and will drop it. However, if a device currently is already infected with the conficker/downadup/kido worm, it will not be able to detect traffic as it goes outbound. In order to detect that, you need to purchase the IDP product, which has that ability.  For more information, refer to KB13762.


Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search