Just in case you are not on any of the various email newsletters that pop into my inbox on a daily basis, here's some free assistance with information security awareness messaging around the virus currently doing the rounds.
A major worm outbreak is under way at present. The worm, named Downadup or Conficker, is believed to have infected around 9 million PCs in the past few days.
I have mentioned Gary Hinson and www.noticebored.com before. Next month's newsletter is due to be on malware, but in light of the scale of the current worm infection, Gary has kindly put together a "one page special" that is designed to "highlight a live information security story and offer some simple advice while it's still hot news".
See
http://www.noticebored.com/NB_Downadup_worm_newsflash.pdf or
http://tinyurl.com/WormAware
It's free, no strings attached, no need to sign up for anything. Please consider sharing this simple PDF with your colleagues, fellow employees, friends and families. The visual contained therein, in particular, is quite helpful for clarification of the issue.
I am constantly heard, in any consultancy or training delivery, saying that the news writes our job for us every day and this is just another example of how to react and respond pragmatically by explaining the issue and offering helpful advice.
Comments (4)
With all respect to Gary, who has also made excellent posts on the (ISC)2 blog, simple advice isn't always enough, even for home users.
As I work for an AV vendor, and could therefore be accused of having a marketing agenda, I wouldn't usually comment on something like this here, but I feel there are a couple of issues that need addressing. As there's a great deal of malware around that exploits the autorun facility (autoinfect, as a colleague of mine rather harshly refers to it), it's an excellent idea to disable it, but to do so effectively is a lot less straightforward than the procedure in Gary's blog (though even that will lower the risk).
Microsoft have revisited their procedure for doing so at http://support.microsoft.com/kb/953252, but US CERT's note at http://www.us-cert.gov/cas/techalerts/TA09-020A.html is better, if geekier. But there's a lot more to Conficker than autorun. The main reason that so many -corporate- systems are infected is that they haven't patched the vulnerability described in http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx (they ought to be patching MS08-068 and MS09-001 at the same time).
There's also an issue with weakly passworded network shares that will certainly affect many corporate networks. And because many home users will be using free but unsupported AV software, and in any case Conficker tries to stop infected systems from accessing vendor web sites, contacting the vendor may not be so simple.
For cleaning purposes, the best option for many will be to get one of the Conficker-specific tools some vendors have made available, which will require access to an uninfected machine. Ours is at http://download.eset.com/special/EConfickerRemover.exe, but F-Secure and Norman have similar tools, and I'm sure other vendors do too.
A colleague and I put up some info at http://www.eset.com/threat-center/blog/?p=484: it's not simple advice, and because it's on our corporate site, it doesn't link to other vendor resources (marketing hate it when I do that!) but it may be a good starting point for people needing more detailed information.
Many thanks for the detailed feedback. Extremely helpful to users. Andrea
The CERT page offers some good advice. Are we yet to see more of this pesky worm though?
iPolicy Networks is providing detection and prevention of the Conficker worm through its IDS signature. The link below has more details: http://ipolicynetworks.com/technology/files/W32.Worm.Conficker.html