Virus alert about the Win32/Conficker.B worm

Symptoms on Infection

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

-Account lockout policies are being tripped.
-Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
-Domain controllers respond slowly to client requests.
-The network is congested.
-Various security-related Web sites cannot be accessed.

More information here:-

http://support.microsoft.com/kb/962007

More information about the virus:-

http://www.microsoft.com/security/portal/Entry.aspx?Name=Win32/Conficker

Prevention in a nutshell:-

-Enable a firewall on your computer.
-Get the latest computer updates for all your installed software, including Security Bulletin MS08-067.
-Use up-to-date antivirus software.
-Use caution when opening attachments and accepting file transfers.
-Use caution when clicking on links to web pages.
-Protect yourself against social engineering attacks.
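
A local triage check for the symptoms and the patch named above, written as an added example (it is not from the original post or from Microsoft). It reports which of the listed services are disabled, whether the MS08-067 update is recorded, and whether a security-related site still resolves. The service short names, the KB number KB958644 for MS08-067, and the use of Windows PowerShell with `Get-WmiObject` are assumptions that are not stated on this page.

```powershell
# Added example: run in Windows PowerShell on the host being checked.
# Service short names are assumptions (XP/2003-era and Vista-or-later names).
$services = @{
    'wuauserv'  = 'Automatic Updates'
    'BITS'      = 'Background Intelligent Transfer Service'
    'WinDefend' = 'Windows Defender'
    'ERSvc'     = 'Error Reporting Service (XP/2003)'
    'WerSvc'    = 'Windows Error Reporting (Vista and later)'
}

$findings = @()

foreach ($name in $services.Keys) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) { continue }          # service does not exist on this Windows version
    if ($svc.StartMode -eq 'Disabled') {
        $findings += "$($services[$name]) ($name) is disabled"
    }
}

# MS08-067 was shipped as KB958644 (assumption: not stated in the post).
# Later service packs and rollups include the fix without listing this KB,
# so a missing entry means "verify the patch level", not "definitely unpatched".
$patch = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
if (-not $patch) {
    $findings += 'KB958644 (MS08-067) is not listed as installed'
}

# Symptom: security-related Web sites cannot be accessed.
# A failure here can also just mean the host is offline or DNS is down.
try {
    [void][System.Net.Dns]::GetHostAddresses('www.microsoft.com')
} catch {
    $findings += 'www.microsoft.com does not resolve'
}

# One finding alone proves nothing; several together match the symptom list above.
if ($findings.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME: no Conficker-related symptoms found by this check"
} else {
    Write-Output "$env:COMPUTERNAME: $($findings.Count) finding(s), review this host"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```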


and the list goes on..

This means that a poorly designed computer system, including weak passwords, unsafe security policy, no proper security awareness, lack of gateway virus protection, etc., contributes to this nightmare...

And if you ask me whether this worm is easy to kill, the answer is no. Why, you ask?
The answer is simple: a small organization with 50 machines may be able to clean it fast, but just imagine an organization with 100-200k clients. Cleaning it would mean:-

- Someone is going to get burned if they acknowledge the poorly designed security system in the network, which creates self-denial and reluctance to change and beef up the security system. Admitting to themselves that they have designed a big loophole is not easy. So politics within an organization will prevent a fast remediation process.

- Isolating infected machines for remediation is difficult. Imagine different machines at different sites and in different countries, and worse if the infected machine is running business-critical data.

- Wrong choice of security product. Yes, you are right, wrong choice...!! For example, throwing multiple security products into a system does not ensure total security. It will only ensure a total mess. High consumption of resources alone will kill the operating system. And enabling the wrong function on the machine itself will also determine the fate of the poor PC. For example, if you use Trend Micro OfficeScan, disabling the firewall module will disable network scanning, thus making the task of detecting and cleaning the Conficker worm automatically useless.
