Showing posts with label Symantec. Show all posts

April 2, 2009

IT Security Alert: Beware of "CONFICKER.C" Worm

The Conficker.C worm was activated on 1st April 2009.

When the worm infects a PC, it queries about 30,000 websites for further instructions. With an infected PC querying 30,000 sites, your network will most probably be congested and users will experience high latency on the Internet.
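One way to spot the mass-lookup behaviour described above in resolver logs, as an added example that is not part of the original post. The log format, the thresholds and the use of the failed-lookup (NXDOMAIN) ratio are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed resolver-log format (not from the post):
# "<ISO time> client=<ip> query=<name> rcode=<NOERROR|NXDOMAIN>"
LINE_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) rcode=(\S+)$")

def parse(lines):
    """Yield (client, queried name, rcode) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            _ts, client, name, rcode = m.groups()
            yield client, name.lower().rstrip("."), rcode.upper()

def suspect_clients(lines, min_distinct=200, min_nx_ratio=0.5):
    """Flag clients that look up many distinct names, most of which fail.

    Both thresholds are assumptions; tune them against a normal day of traffic.
    """
    names, total, nx = defaultdict(set), defaultdict(int), defaultdict(int)
    for client, name, rcode in parse(lines):
        names[client].add(name)
        total[client] += 1
        if rcode == "NXDOMAIN":
            nx[client] += 1
    report = {}
    for client, seen in names.items():
        ratio = nx[client] / total[client]
        if len(seen) >= min_distinct and ratio >= min_nx_ratio:
            report[client] = (len(seen), round(ratio, 2))
    return report

def sample_log():
    """Constructed sample: one noisy client and one ordinary client."""
    lines = []
    for i in range(300):
        rcode = "NOERROR" if i % 10 == 0 else "NXDOMAIN"
        lines.append(f"2009-04-01T00:{i // 60:02d}:{i % 60:02d} "
                     f"client=10.0.0.9 query=name{i:04d}.example rcode={rcode}")
    for i, name in enumerate(["intranet.example", "mail.example",
                              "intranet.example"]):
        lines.append(f"2009-04-01T09:00:{i:02d} client=10.0.0.5 "
                     f"query={name} rcode=NOERROR")
    return lines

if __name__ == "__main__":
    for client, (count, ratio) in suspect_clients(sample_log()).items():
        print(f"{client}: {count} distinct names, NXDOMAIN ratio {ratio}")
```

A flagged client is a candidate for the symptom checks and removal tools listed in this post, not proof of infection.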


1. WHAT are the symptoms:

    The worm is new, so there is no unique signature yet, but look for these signs:
   * Task Manager is disabled
   * regedit is disabled
   * the user cannot view My Network
   * the network is up, but Microsoft sites and all antivirus sites cannot be opened


2. HOW to avoid it:
 For Microsoft users, please follow the link below:
 http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx


3. HOW to clean the worm:
     Refer to the table below.

Removal Instructions
Microsoft:  http://support.microsoft.com/kb/962007
Kaspersky:  http://support.kaspersky.com/faq/
BitDefender: http://www.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html
TrendMicro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp

To be able to reach antivirus vendors, SANS, Microsoft and other sites from a machine infected with Conficker.C, TrendMicro suggests running "net stop dnscache" from the command line.
Sophos:  http://www.sophos.com/support/knowledgebase/article/51416.html

Removal Tools

Microsoft MSRT:  http://www.microsoft.com/security/malwareremove/default.mspx
F-Secure:  ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip
AhnLab:  http://global.ahnlab.com/global/file_removeal_down.jsp?filename=12371830475821&down_filename=v3conficker.zip
Symantec:  http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
McAfee:  http://vil.nai.com/vil/stinger/
ESET:  http://download.eset.com/special/EConfickerRemover.exe
BitDefender:  http://www.bdtools.net/
Kaspersky:  http://data2.kaspersky-labs.com:8080/special/KidoKiller_v3.3.3.zip
TrendMicro:  https://securecloud.com/support/sysclean
Sophos:  https://secure.sophos.com/products/free-tools/conficker-removal-tool-network/download (registration required)

Other Related Post About Conficker.C : ERM Blog

March 14, 2008

Aruba secures endpoints with NAC interop and product.

Frank Bulk wrote


Aruba Networks' most recent announcement regarding NAC interoperability verification and a product announcement repeat a common anthem of this vendor's emphasis on security.

The three major NAC groups are Cisco, Microsoft NAP, and the Trusted Computing Group (TCG); the first two are clearly vendor driven, while the last is standards-based and enjoys broader industry support. Unable to drive a standard of its own, Aruba has not hitched itself to any single group, but has verified NAC interoperability with three technology industry heavyweights: Cisco, Juniper, and Microsoft. Working with network equipment market share leader Cisco is almost a de facto requirement, and Microsoft is Aruba's largest customer, if not most significant. This shouldn't be considered Aruba's first foray into NAC: they have partnerships with Bradford, FireEye, Fortinet, InfoExpress, Snort, as well as Symantec (via Sygate, though this is end-of-sale).

In addition to their partnerships, Aruba has also announced a new appliance for "targeted industries". To date Aruba has built most of the products it sells, preferring to partner where necessary. Ash Chowdappa, director of mobility management system, stated in a briefing that Aruba will wait until the NAC market shakes out before considering developing something internally. This time around Aruba OEMed their Aruba Endpoint Compliance System (ECS) appliance from a vendor that has significant success in the higher education market.

According to Chowdappa, higher education is Aruba's number one vertical, and they expect ECS to gain traction in healthcare and hospitality, markets where there are significant numbers of guest users. Aruba makes the point that many NAC vendors are targeted toward managed devices such as desktops and laptops, while ECS is able to deal with unmanaged and transient devices such as Vo-Fi phones, and the occasional Sony Wii, that may not be able to run an agent. For devices in this latter group Aruba's ECS can work in tandem with their mobility controller to implement more restrictive traffic policies leveraging Aruba's stateful firewall. And this appliance isn't restricted to just wireless products, as the appliance can take trunked wired traffic, such as guest VLANs, and enforce policy on those, too.

Aruba is making the right moves in offering its customers multiple NAC options resulting in great stickiness for their core wireless LAN products. One of the challenges that Aruba faces is that organizations may look first to their wired networking equipment vendor for a NAC product, giving Cisco a natural leg up. Aruba appears to have chosen to OEM a mature product that integrates with systems in both mediums, and with eventual implementation of 802.11n, may take a larger and larger portion of IT's mindshare and networking budget.
