[RTC List] Article on USA Today identifies serious new internet worm

Bob Morse bob at morsemedia.net
Tue Jan 27 13:39:56 PST 2009 

Have you thought about submitting a proposal for the Tech Conference?

http://www.redwoodtech.org/tech-conference-submissions

The deadline of January 31 is fast approaching.

robert beckerdite wrote:
> Agreed.  I think i will write another tech beat on patch management 
> once my wireless article is done.  If I knew the right forum i would 
> love to give a talk on it.  The maintenance of things like backup, 
> patch managment, antivirus signature updates, wireless networks and 
> personal firewalls are all areas where modern businesses find a lot of 
> difficulty.  I think a lot of people and businesses simply don't know 
> how to prioritize addressing these issues vs their day to day 
> operational/life needs.  I am hoping that by bringing the subject up 
> every now and then it might help a few more people than would get to 
> it otherwise.  
>
> Robert Beckerdite
> Senior Engineer and Owner
> Beckerdite Consulting
> (707) 703-1528
> www.beckerdite.com <http://www.beckerdite.com/>
>
>
>
>
> ------------------------------------------------------------------------
> From: pbitton at hotmail.com
> To: robert at beckerdite.com; list at redwoodtech.org
> Subject: RE: [RTC List] Article on USA Today identifies serious new 
> internet worm
> Date: Tue, 27 Jan 2009 13:16:19 -0800
>
> Which just goes to show how important it is to patch every month. 
> Companies have had three months to patch against this and evidently 
> many have failed to do so.
>  
> Pat Bitton
> Partner, Euresto Partners Inc
> Sales & Marketing Strategies for Technology Startups
> +1 707 268 8968/+1 408 464 0829 cell
> MSN IM: pbitton at hotmail.com <mailto:pbitton at hotmail.com>
> Skype: pat.bitton
> Follow me on Twitter: @PatBittonTIP
> www.eurestopartners.com <http://www.eurestopartners.com/>
>  
> Looking for security advice? Check out
> www.theinternetprotectors.com <http://www.theinternetprotectors.com/>
>  
>
> ------------------------------------------------------------------------
> *From:* list-bounces at redwoodtech.org 
> [mailto:list-bounces at redwoodtech.org] *On Behalf Of *robert beckerdite
> *Sent:* Tuesday, January 27, 2009 1:01 PM
> *To:* list at redwoodtech.org
> *Subject:* [RTC List] Article on USA Today identifies serious new 
> internet worm
> *Importance:* High
>
> Please consider this and take the appropriate measures to protect your 
> business.
>  
> Link with instructions to disable autorun.
> http://www.us-cert.gov/cas/techalerts/TA09-020A.html
>  
>
> *Cybercrime experts keep close watch on Internet worm*
>
>  
>
> The world's top virus hunters are watching every move made by the 
> attacker in control of a nasty new Internet worm — referred to as 
> "downadup" or "conficker."
>
> What worries them most is that the person, or group, controlling the 
> worm could at any time direct the PCs to carry out criminal activities 
> on an unprecedented scale. And there's not much anyone can do to stop 
> them.
>
> The attackers could use the infected PCs to steal data, spread spam or 
> commit other routine cybercrimes.
>
> "We have a lot of people looking at this, and with everybody watching 
> it, hopefully they will be too scared to do anything," says Patrik 
> Runald, security adviser at F-Secure. "That's really the only thing we 
> can hope for."
>
> In less than three weeks, the worm has spread to more than 1 million 
> PCs around the globe, mostly inside companies, according to estimates 
> from F-Secure and Atlanta-based security firm SecureWorks. A worm of 
> that magnitude has not been seen since 2004.
>
> The worm takes advantage of a security hole that exists on hundreds of 
> millions of Windows PCs. Microsoft issued an emergency patch for the 
> hole in October. Because most Windows PCs connected to the Internet 
> were vulnerable without the patch, the security community went on high 
> alert.
>
> The worm first appeared on Jan. 7. Tech security researchers say it 
> probed for and implanted itself on any unpatched Windows PC. It then 
> scanned for, broke into and infected all nearby computer servers. It 
> also implanted itself onto any portable device plugged into the PCs' 
> USB inputs, such as a thumb drive storage stick, an iPod or a digital 
> camera. When the corrupted device was plugged into another computer, 
> that machine became infected — and began searching for other PCs to 
> infect.
>
> Don Jackson, senior researcher at SecureWorks, says infections have 
> been spreading in bursts inside corporate networks. "It's like time 
> bombs going off."
>
> The National Cyber Alert System of US-CERT advises corporations to 
> disable a Windows feature, called autorun, to help cut down infections 
> from USB devices. Microsoft has a cleanup tool available. But the worm 
> blocks Internet traffic trying to get to Microsoft's tool. "This worm 
> was written by people who know what they're doing," Runald says.
>
> Security companies have banded together to block some of the 250 Web 
> addresses that infected PCs are instructed to contact for further 
> instructions. But the list changes once a day.
>
> Vincent Weafer, vice president of Symantec Security Response, says the 
> attackers may have been too successful. "There's no way they want this 
> much attention," he says, adding that he expects them to back off.
>
>  
>  
>
>
> Robert Beckerdite
> Senior Engineer and Owner
> Beckerdite Consulting
> (707) 703-1528
> www.beckerdite.com <http://www.beckerdite.com/>
>
>
>
>
> ------------------------------------------------------------------------
> Search from any Web page with powerful protection. Get the FREE 
> Windows Live Toolbar Today! Try it now! 
> <http://get.live.com/toolbar/overview>
> ------------------------------------------------------------------------
> All-in-one security and maintenance for your PC.  Get a free 90-day 
> trial! Learn more! 
> <http://www.windowsonecare.com/purchase/trial.aspx?sc_cid=wl_wlmail>
> ------------------------------------------------------------------------
>
> _______________________________________________
> List mailing list
> List at redwoodtech.org
> http://redwoodtech.org/mailman/listinfo/list_redwoodtech.org
>   


-- 
Bob Morse
Morse Media
Web Development * Web Hosting * Internet Marketing
http://morsemedia.net
707-444-9566
707-496-9191 (cell)
Blog: http://talkingtech.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://redwoodtech.org/pipermail/list_redwoodtech.org/attachments/20090127/2790ce2d/attachment.html>

More information about the List mailing list