[RTC List] Article on USA Today identifies serious new internet worm

robert beckerdite robert at beckerdite.com
Tue Jan 27 13:27:48 PST 2009


Agreed. I think I will write another tech beat on patch management once my wireless article is done. If I knew the right forum I would love to give a talk on it. The maintenance of things like backup, patch management, antivirus signature updates, wireless networks and personal firewalls are all areas where modern businesses find a lot of difficulty. I think a lot of people and businesses simply don't know how to prioritize addressing these issues vs. their day-to-day operational/life needs. I am hoping that by bringing the subject up every now and then it might help a few more people than would get to it otherwise.

Robert Beckerdite
Senior Engineer and Owner
Beckerdite Consulting
(707) 703-1528
www.beckerdite.com

From: pbitton at hotmail.com
To: robert at beckerdite.com; list at redwoodtech.org
Subject: RE: [RTC List] Article on USA Today identifies serious new internet worm
Date: Tue, 27 Jan 2009 13:16:19 -0800


Which just goes to show how important it is to patch every month. Companies have had three months to patch against this and evidently many have failed to do so.
 


Pat Bitton
Partner, Euresto Partners Inc
Sales & Marketing Strategies for Technology Startups
+1 707 268 8968/+1 408 464 0829 cell

MSN IM: pbitton at hotmail.com
Skype: pat.bitton
Follow me on Twitter: @PatBittonTIP
www.eurestopartners.com
 
Looking for security advice? Check out
www.theinternetprotectors.com
 


From: list-bounces at redwoodtech.org [mailto:list-bounces at redwoodtech.org] On Behalf Of robert beckerdite
Sent: Tuesday, January 27, 2009 1:01 PM
To: list at redwoodtech.org
Subject: [RTC List] Article on USA Today identifies serious new internet worm
Importance: High

Please consider this and take the appropriate measures to protect your business. Link with instructions to disable autorun:
http://www.us-cert.gov/cas/techalerts/TA09-020A.html

Cybercrime experts keep close watch on Internet worm
 
The world's top virus hunters are watching every move made by the attacker in control of a nasty new Internet worm — referred to as "downadup" or "conficker."
What worries them most is that the person, or group, controlling the worm could at any time direct the PCs to carry out criminal activities on an unprecedented scale. And there's not much anyone can do to stop them.
The attackers could use the infected PCs to steal data, spread spam or commit other routine cybercrimes.
"We have a lot of people looking at this, and with everybody watching it, hopefully they will be too scared to do anything," says Patrik Runald, security adviser at F-Secure. "That's really the only thing we can hope for."
In less than three weeks, the worm has spread to more than 1 million PCs around the globe, mostly inside companies, according to estimates from F-Secure and Atlanta-based security firm SecureWorks. A worm of that magnitude has not been seen since 2004. 
The worm takes advantage of a security hole that exists on hundreds of millions of Windows PCs. Microsoft issued an emergency patch for the hole in October. Because most Windows PCs connected to the Internet were vulnerable without the patch, the security community went on high alert. 
The worm first appeared on Jan. 7. Tech security researchers say it probed for and implanted itself on any unpatched Windows PC. It then scanned for, broke into and infected all nearby computer servers. It also implanted itself onto any portable device plugged into the PCs' USB inputs, such as a thumb drive storage stick, an iPod or a digital camera. When the corrupted device was plugged into another computer, that machine became infected — and began searching for other PCs to infect.
Don Jackson, senior researcher at SecureWorks, says infections have been spreading in bursts inside corporate networks. "It's like time bombs going off."
The National Cyber Alert System of US-CERT advises corporations to disable a Windows feature, called autorun, to help cut down infections from USB devices. Microsoft has a cleanup tool available. But the worm blocks Internet traffic trying to get to Microsoft's tool. "This worm was written by people who know what they're doing," Runald says.
Security companies have banded together to block some of the 250 Web addresses that infected PCs are instructed to contact for further instructions. But the list changes once a day. 
Vincent Weafer, vice president of Symantec Security Response, says the attackers may have been too successful. "There's no way they want this much attention," he says, adding that he expects them to back off.

Robert Beckerdite
Senior Engineer and Owner
Beckerdite Consulting
(707) 703-1528
www.beckerdite.com
