Newsroom

Virus Warning

Mar 31, 2009

 
Weathering the Conficker Worm

April 1st is upon us and the impending Conficker worm attack may or may not be a serious threat.  Security researchers show that a payload or change in code will happen on April 1st 2009. The industry as a whole is working at a frantic pace to protect systems and with this in mind we have some advice on how to ensure end-users and your network are protected.

Worms like the Conficker worm often lie 'dormant' on systems.  Its purpose is to stage a larger attack and act as a springboard for malicious code. It is similar to the "Storm" worm that surfaced last year.

We have read statistical information telling us that over nine million computers in the United States are already compromised by the worm.  This provides the programmer of the Conficker worm with an enormous pool of computers from which to launch an attack.

Although the patch to fix systems infected with the worm came out last November, the high volume of infected computers is a sharp reminder of the vast number of computers which have not been patched as a first-step to ensuring you have adequate defenses in place.  Tips to avoid data loss and protect your environment against these threats are as follows:

• Create a consistent patching plan and stick to it.                                          
• Keep your Anti-Virus up to date.                                                                  
• Have regular internal and third party vulnerability scans or security audits.          
• Create a strong password policy.
• When practical use encryption.

We do not believe fighting this worm only at the host level, or workstation and server level, will be effective.  But as we have mentioned, we simply can not predict the specific behavior the botnet will adopt on April 1st.

Crosslin & Associates is doing everything possible to do what is necessary to help our customers by developing security strategies, scanning networks for vulnerabilities and aiding in incident response when there is an issue.

Finally, today we are concentrating on patching all Microsoft specific vulnerabilities in order to prevent re-infections to the network by the botnet.  On April 1st if you notice your computers and network are not behaving normally please fell free to give us a call.  We will be ready to assist you in your recovery. 
 
  
If you experience problems or inconsistant network activity on or near April 1st, please feel free to contact us at (615) 320-5500.

Terry W. Saltsman, Ph.D., - Principal for Information Technology Assurance
terry.saltsman@crosslinpc.com
Shane Callahan - Director Network Security, Information Technology
shane.callahan@crosslinpc.com
 
Under requirements imposed by the IRS, we inform you that, if any advice concerning one or more U.S. federal tax issues is contained in this communication (including any attachments), such advice was not intended or written to be used, and cannot be used, for the purpose of (1) avoiding penalties under the Internal Revenue Code or (2) promoting, marketing or recommending to another party any transaction or tax-related matter addressed herein.