Original URL: http://www.channelregister.co.uk/2009/03/30/conficker_signature_discovery/

Researchers find super worm cure, just in time

By Dan Goodin in San Francisco

Posted in Software & Security, 30th March 2009 11:02 GMT

—————————–

My thoughts, feedback and input.

You have a few hours to work on this and I know you’re going to be vigilant about it. Let’s save what and who we can with our best efforts. Time is of the essence so get to it. I will be a bit busy for the next few hours checking on new vendor signature releases and info about this, dealing with my internal network and doing some last minute checking and changes so please pardon any delays in my responses for a while.

So now that signatures are being released for it is it over?

No it’s not. This is a staged effort. The signatures will be created, disseminated throughout the various security scanners, anti-virus and anti-malware vendor products but then comes the updating and patching of the systems.

If you are running an older version of a vendor product I strongly suggest you upgrade it now.

If you are running any definitions other than March 31^st 2009 for your anti-virus and anti-malware solution then you’re not fully protected yet.

If you are still missing Microsoft Windows patches (any and all of them) then there’s still some level of risk for you.

If you’re running vulnerable applications like Adobe Reader, Acrobat, Firefox, iTunes, QuickTime, web browsers, media players and other applications check to make sure you’re not missing any vendor patches. The developers have released secure versions recently.

I still stick to my original take on this which is, if you are already infected just wipe and start over. There’s no real guarantee that you will fully get rid of the infection and the various pieces it comes with. If not, you have a good set of protective layers to work with.

Keep in mind that a signature based solution works off detecting via signature and not anomaly based threats. As Conficker is a blended threat, I expect to see some aspects of it still evading some security solutions if not configured properly for effective use. Some people have their solutions configured with out of the box settings which may not be optimally configured for a critical threat like this with such a rapid change effect rate.

I know this is short timing but it is good timing to get the word out and get people to act quickly. Be kind and help to spread the word to your family, friends, partners, associates, peers and anyone you converse with. This is critical info that needs to be shared.

Let’s get to it people. I’ve been up since Saturday helping people with their systems and talking about this and I plan to get some sleep over the next day or two.

Good luck and please keep me posted on any new developments and happenings around this once April 1^st kicks in.

~Brett A. Scudder~

The IT Security Attaché