VIRUS ALERT! Conficker Worm – January 23, 2009

VIRUS ALERT! Conficker Worm – January 23, 2009


Security Alert:
Conficker
Worm

Also known as:

Trojan.Downloader.JLIW (
BitDefender
)

Win32/
Conficker
.A (CA)

Win32/
Conficker
.A (
ESET
)

Trojan-Downloader.Win32.Agent.aqfw (
Kaspersky
)

W32/
Conficker
.worm (
McAfee
)

W32/
Conficker
.E (Norman)

W32/
Confick
-A (
Sophos
)

W32.
Downadup
(
Symantec
)

Trojan.Disken.B (
VirusBuster
)

TA08-297A (other)

CVE
-2008-4250 (other)

VU
827267 (other)

Win32/Conficker.worm.62976 (
AhnLab
)


Computer Operating Systems at Risk:

Windows 2000 (All Editions)

Windows
XP
(All Editions)

Windows Server 2003 (All Editions)

Windows Vista (All Editions)

Windows Server 2008 (All Editions)

What the worm does:

It exploits a security lapse in the Microsoft Windows Operating system, which in turn infects your computer’s system files, deletes any
restore points
(which hampers our ability to restore your computer in case of infection or disaster), and then looks for other computers to infect.

To defend/prevent your network from attack you should do the following:

Update all workstations, laptops, & servers with the latest security updates by running windows update and installing any security related patches. If you are a
Syscon
Managed Services
client that subscribes to our Windows Update Service, then this has already been done for you.

Update all Anti-Virus software to the latest release and verify that your systems are running the latest virus definition files. If you are a
Syscon
Managed Services Client
, our remote monitoring constantly checks to make sure your Anti-Virus Software is up to date and you have the latest virus definitions available.

Use a firewall to block all incoming connections from the
internet
to services that should not be publicly available. Update any available firmware and filter software and use complex passwords for your user accounts.

What to do if you think one of your PC’s is infected:

Immediately remove the infected device from the network. You can do this by unplugging the network cable from the back of the computer. Boot your operating system to safe mode and run a full virus scan using the latest Virus definition files available to your Anti-Virus Software. If an infection is found, most Anti-Virus software will automatically remove the threat. Once the threat is found and removed you will need to reboot your computer to completely remove the virus. If your software does not automatically remove it, there are several removal tools available from the major Anti-Virus Software Manufactures that you can download and use.

To Get Help:

If you are a
Syscon
Managed Services client, we will have already notified you of this potential issue and taken any known precautionary steps. Call us at 800-545-2012 or
contact us
via the Web if you would like to get confirmation and an status update for your network.

If you need help with resolving or preventing this and future virus attacks, call us at 800-545-2012 or
contact us
via the Web.

Other Informative Links on this Virus Threat:

Information from Microsoft

PC World


Norton Anti-Virus from
Symantec


McAfee
Anti-Virus