Following the critical out-of-cycle patch MS08-067, issued by Microsoft in October 2008, the Conficker Worm was discovered infecting systems that had not applied the patch.
Since then, the Conficker Worm is estimated to have infected over 9 million PCs.
Recent reports also highlight that criminals have upgraded the Conficker Worm to Conficker B++, which is more resilient than previous versions.
Microsoft has released an advisory note on how to protect your PCs from the Conficker Worm. In summary, Microsoft recommends that you take the following steps:
- Apply the security update associated with MS08-067.
- Make sure you are running up-to-date antivirus software from a trusted vendor.
- Check for updated protections for security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems.
- Isolate “unpatched” or legacy systems using the methods outlined in the Microsoft Windows NT 4.0 and Windows 98 Threat Mitigation Guide.
- Implement strong passwords as outlined in the Creating a Strong Password Policy whitepaper.
- Disable the AutoPlay feature through the registry or using Group Policies as discussed in Microsoft Knowledge Base Article 953252. NOTE: Windows 2000, Windows XP, and Windows Server 2003 customers must deploy the update associated with Microsoft Knowledge Base Article 953252 to be able to successfully disable the AutoRun feature. Windows Vista and Windows Server 2008 customers must deploy the security update associated with Microsoft Security Bulletin MS08-038 to be able to successfully disable the AutoRun feature.
We advise that you follow the above recommendations to ensure your systems are protected from this threat.
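An added example, not part of Microsoft's advisory or the original post: a PowerShell audit that reports whether a host has the MS08-067 update and the AutoRun restriction from the list above. The hotfix ID KB958644, the registry value name NoDriveTypeAutoRun and the 0xFF mask are assumptions not stated on this page, and the function names are hypothetical.

```powershell
# Added example: audit one Windows host for two mitigations from the list.
# Assumptions (not on the page): KB958644 is the update delivered with MS08-067,
# and NoDriveTypeAutoRun = 0xFF means AutoRun is disabled for every drive type.
param(
    [string]$Ms08067Kb = 'KB958644',     # assumption; override to match your patch inventory
    [int]$RequiredAutoRunMask = 0xFF     # assumption; all drive-type bits set
)

function Test-AutoRunDisabled {
    param([int]$RequiredMask)
    # Check the machine-wide policy first, then the per-user value.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $raw = $item.NoDriveTypeAutoRun
        # Older systems may store the value as REG_BINARY; the low byte carries the mask.
        if ($raw -is [byte[]]) { $raw = $raw[0] }
        $value = [int]$raw
        return New-Object PSObject -Property @{
            Source   = $path
            Value    = ('0x{0:X2}' -f $value)
            Disabled = (($value -band $RequiredMask) -eq $RequiredMask)
        }
    }
    # Value absent in both hives: the operating system default applies, so report not disabled.
    return New-Object PSObject -Property @{ Source = 'not set'; Value = 'default'; Disabled = $false }
}

function Test-HotFixInstalled {
    param([string]$Id)
    # Get-HotFix reports an error for an unknown ID; suppress it and test for a result.
    # A missing entry is a prompt to investigate, not proof of exposure: a later
    # service pack or superseding update may not be listed under this ID.
    $fix = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    return ($null -ne $fix)
}

$autoRun = Test-AutoRunDisabled -RequiredMask $RequiredAutoRunMask
New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    Ms08067Hotfix   = $Ms08067Kb
    HotfixInstalled = Test-HotFixInstalled -Id $Ms08067Kb
    AutoRunSource   = $autoRun.Source
    AutoRunValue    = $autoRun.Value
    AutoRunDisabled = $autoRun.Disabled
}
```

Hosts that report `HotfixInstalled` or `AutoRunDisabled` as false are the ones to patch or isolate first.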
Remember to also update your incident response plan just in case your efforts are too late. See our free whitepaper on “Incident Handling and Management”.