The Conficker worms spread using the MS08-067 vulnerability (we blogged about this vulnerability earlier). Microsoft released an out-of-band patch for the MS08-067 vulnerability in October 2008.
Rules that detect exploitation of MS08-067 have been out for a while. Any of our clients in IPS mode should be okay from the network angle. (But our device is a perimeter device -- it cannot detect a virus brought in on, say, a USB drive.)
The best defense is to keep your machines up to date. The Conficker worm managed to spread to a large number of Windows machines because most people do not patch their machines. Ensuring that your Windows systems are updated may also help prevent infections from new Conficker variants, if they continue to use the same exploit as the current variants.
It is also recommended that you do not forward TCP port 445 to any Windows systems. There is no legitimate reason to make TCP port 445 accessible from the Internet. (Update: also ports 135 and 139.)
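One way to audit a gateway for the forwards described above, as an added example that is not from the original post. It assumes a Linux gateway whose NAT rules are exported in `iptables-save` format (the post does not say how its own device stores rules); `expand_ports`, `risky_forwards` and the sample rules are constructed for illustration.

```python
import shlex

# Ports the post says should not be reachable from the Internet.
RISKY_PORTS = {135, 139, 445}

# Constructed sample in iptables-save format (private addresses, not real hosts).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.1.20:445
-A PREROUTING -i eth0 -p tcp -m multiport --dports 25,135:139 -j DNAT --to-destination 192.168.1.30
-A PREROUTING -i eth0 -p udp -m udp --dport 445 -j DNAT --to-destination 192.168.1.40
-A PREROUTING -i eth0 -p tcp -m tcp --dport 4450 -j DNAT --to-destination 192.168.1.50:445
COMMIT
"""

def expand_ports(spec):
    """Expand '445', '25,135:139' or '445-450' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.replace("-", ":").partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def risky_forwards(rules_text):
    """Return [(internal_host, [risky ports])] for TCP DNAT rules in PREROUTING."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"]:
            continue
        opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if opts.get("-j") != "DNAT" or opts.get("-p") != "tcp":
            continue  # the post's advice concerns TCP forwards only
        host, _, inner = opts.get("--to-destination", "").partition(":")
        # The port that matters is the one reached on the Windows host: the
        # rewritten port if given, else the matched port, else every port.
        spec = inner or opts.get("--dport") or opts.get("--dports") or "1:65535"
        exposed = expand_ports(spec) & RISKY_PORTS
        if exposed:
            findings.append((host, sorted(exposed)))
    return findings

if __name__ == "__main__":
    for host, ports in risky_forwards(SAMPLE_RULES):
        print(f"forward to {host} exposes TCP {ports}")
```

The last sample rule shows why the check looks at the rewritten destination port: an unusual external port can still land on 445 internally. Negated matches (`!`) and IPv6 destinations are not handled.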
Partners can find more information on our Partner Portal.
These URLs also give more information:
http://www.confickerworkinggroup.org/wiki/pmwiki.php?n=ANY.FAQ
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
1 comment:
Here's hoping that Conficker amounts to nothing more than an April Fool's prank.