Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Sunday, February 08, 2009

Protection is Here for Win32/Conficker.A and .B

Has your computer been infected recently?
Last month I wrote about the Conficker infection that has been a topic of discussion among many security experts.  Anyone who received an update patch from Microsoft last fall should be safe, but apparently plenty of people aren’t updating regularly.


Microsoft has recognized this infection is still around and has provided a fix along with additional information at http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx. Thanks to Brett Roberts in Auckland, New Zealand for the tip.


Is it that bad?
The French publisher Libération has reported the Conficker worm disrupted computers used by the Ministry of Defense in France and grounded the Navy's Dassault Rafale aircraft.


French Rafale Fighter Jet


Last Friday the City of Houston Courts System was infected and shut itself down for the day.  While they expect the court system to be up and running on Monday, many expect to find Conficker popping up on other city systems. While I typically recommend waiting a week or so for Microsoft’s Windows Updates, this is one update too many people missed.


Additional Help
If you use OpenDNS, which I recommended last year, you’ll soon have additional protection.  Starting Monday, OpenDNS will offer a feature to help administrators detect local machines which have been infected and will block machines from phoning home their payload. This is an entirely new direction for OpenDNS but given the scope of Conficker I think they may be on the right track. If you missed my post on OpenDNS you can read more at http://billpstudios.blogspot.com/2008/03/speed-up-internet-access-with-opendns.html


Update 2/10: Reports out of Houston now indicate the city's infection was in fact W32/Virut.n, a variant of the virus Virut. This is contrary to news stories still being filed. The city had been using antivirus software from McAfee which did not include a signature file for this infection. Total down time was 4 days.

PC World reports that OpenDNS has partnered with our comrades at Kaspersky to obtain updated lists of malicious IP addresses.

Update 2/12: To show how serious they think Conficker is, Microsoft has announced a $250,000 reward towards the arrest and conviction of the folks responsible for this virus.
http://www.microsoft.com/Presspass/press/2009/feb09/02-12ConfickerPR.mspx 

Update 3/26: Conficker Judgement Day on April 1st



3 Comments:

Anonymous Anonymous said...

The so-called Security Experts that advise to disable Windows Updates because of their paranoia that Microsoft is spying on them should be sought out and prosecuted to the full extent of the law.

I think that as the authors of Conficker reside in Eastern Bloc countries that do not give a rat's a$$ about giving up their money making populace as that is one of their easiest sources of income.

4:42 AM  
Anonymous Anonymous said...

" Anonymous Anonymous said...

The so-called Security Experts that advise to disable Windows Updates because of their paranoia that Microsoft is spying on them should be sought out and prosecuted to the full extent of the law.

I think that as the authors of Conficker reside in Eastern Bloc countries that do not give a rat's a$$ about giving up their money making populace as that is one of their easiest sources of income. "


There is some reason to disable Windows Update, as sometimes MS releases "bad" updates.


Thanks for the article!

6:43 PM  
Anonymous Anonymous said...

I agree with Jeremy; if Windows didn't include so much misdirected and/or useless crap with their "updates", I would allow them to be automatic. However, Microsoft has dropped the ball too often, and this, combined with their unabashed arrogance, has made me a very happy user of Firefox for the past six months...

12:59 AM  
