Are You Patched Against the Conficker.C Virus? Don’t Wait for April 1st to Find Out.
Posted by Network Logix Admin, Mar 26
In early March, security researchers identified a new version of the Conficker virus, called Conficker.C. This third variant of the virus, like its predecessors, exploits the vulnerability patched by Microsoft’s security bulletin MS08-067, released in October 2008. While it has not currently been released, it has been confirmed that this virus will become active and malicious on April 1, 2009.
Conficker.C is a major revision of the original virus. This variant includes new functionality that ranges from new infection methods to disabling security tools. The Conficker.C virus will scan for and kill the processes of security products, disabling firewalls, patch deployment, and antivirus software.
WHAT TO DO BEFORE APRIL 1ST:
The best defense is to apply Microsoft Security Bulletin MS08-067 to eliminate the vulnerability. Administrators should ensure every system on their network, internal and external, physical and virtual, has the MS08-067 patch applied. Before trying to detect or clean any systems that may be infected with the Conficker virus, administrators must first apply the patch. Attempting to clean systems without first protecting them will only lead to a never-ending process of virus removal. Once MS08-067 is applied, administrators can start the task of scanning for infected devices and restoring them to their desired state.
WHAT TO DO AFTER APRIL 1ST:
If you have not installed the MS08-067 patch on all systems before April 1st, and systems are infected, researchers claim that you will not be able to apply the patch to the infected systems. You will have to manually remove the virus and then apply the patch. This can leave your system open for re-attack in the timeframe between removing the virus and applying the patch.
Potential New Methods of Attack:
In addition to using internal networks as the means of attack, Conficker.C is believed to use P2P (Peer-to-Peer) networking to infect other vulnerable systems.
A WORD TO OUR MANAGED OFFICE CLIENTS:
Please be assured that our Network Engineers are aware of this issue, and have taken the necessary steps to protect your network. Should you have questions, please send an email to support@networklogix.com.
