Hello All,
I’m sure by now you have heard about the Conficker worm, which is expected to release its payload on April 1st. This is no April Fools’ joke.

Richline Technical Services is taking Conficker, aka Kido/Updown/Downadup, very seriously. This bug is nasty… We have seen this thing in action on a few networks and it is not pretty at all. It is network aware and can hop via WAN connections to other networks. We have seen this happen at a very large/high profile firm here in Texas. Conficker hopped to their Pennsylvania and Tennessee locations. Even if your machine is fully patched, you can still become infected by the brute force attacks and exploits in software such as Java and Adobe. The bug queries LDAP, retrieves a list of account names from Active Directory and will then begin a brute force attack. It also uses NetBIOS names to attack local machine passwords. Conficker sets system restore points, and exploits holes that most articles do not mention. If one machine on your network gets infected, it could bring everything to a grinding halt.
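One way to spot the account brute forcing described above from the defender's side, as an added example that is not part of the original notice: it flags any source host with failed logons against many distinct accounts inside a short window. The log format, host names, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log, one event per line: timestamp,source_host,account,result
SAMPLE_LOG = """\
2009-03-30T09:00:01,WS-014,alice,FAIL
2009-03-30T09:00:03,WS-014,bob,FAIL
2009-03-30T09:00:05,WS-014,carol,FAIL
2009-03-30T09:00:07,WS-014,dave,FAIL
2009-03-30T09:00:09,WS-014,erin,FAIL
2009-03-30T09:00:11,WS-014,frank,FAIL
2009-03-30T09:02:00,WS-022,gina,FAIL
2009-03-30T09:02:10,WS-022,gina,FAIL
2009-03-30T09:02:25,WS-022,gina,OK
2009-03-30T08:00:00,WS-031,alice,FAIL
2009-03-30T10:00:00,WS-031,bob,FAIL
2009-03-30T12:00:00,WS-031,carol,FAIL
2009-03-30T14:00:00,WS-031,dave,FAIL
2009-03-30T16:00:00,WS-031,erin,FAIL
"""

def parse(line):
    """Split one log line into (timestamp, source, account, result)."""
    ts, src, account, result = line.strip().split(",")
    return datetime.fromisoformat(ts), src, account.lower(), result

def find_guessing_sources(log_text, window_seconds=300, min_accounts=5):
    """Map each flagged source host to the most distinct accounts it failed
    against inside any sliding window of window_seconds."""
    recent = defaultdict(deque)  # source -> recent (timestamp, account) failures
    flagged = {}
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, src, account, result in events:
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, account))
        # Drop failures that have aged out of the window.
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = len({a for _, a in q})
        if distinct >= min_accounts:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    for host, count in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{host}: failed logons against {count} accounts within 5 minutes")
```

A user who mistypes their own password (WS-022) and a host whose failures are spread over a working day (WS-031) stay below the threshold; only the host cycling through many accounts in seconds is reported.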

If you have a corporate network and you are worried you may not be patched or have been infected, please call our office. We have been called in to consult for several large firms and had the “pleasure” of seeing how smart this thing really is. If your machine is infected at home, the instructions below should take care of it. If it has infected a network, that is a whole different ball game. We are hoping this is overhyped and April 1st will come and go without issue, but if not, we are gearing up for the worst.
 
There are a few things you can do to help prevent Conficker from knocking out your network. We cannot possibly check every one of our clients who are not on one of our Managed Service Plans. Our Managed Service Plan clients are already covered with the appropriate patches and up-to-date anti-virus software.

Click here for information about our 24/7 Managed Service Plans

Instructions for containing or removing Conficker

You must have the Microsoft Patch installed, which closes the original vulnerability. Windows XP Service Pack 3 does not include the patch! You must also have the latest Adobe Reader 9.1 and the latest Java 6, build 13. We have uploaded the patch and software updates to our website to help you. Please apply them in the order given in the instructions below, which are meant to prevent or contain Conficker.
 
1st - Turn Off Windows System Restore
In Windows XP, click Start, Control Panel, System and click on the System Restore tab. Check the box “Turn off system restore”. You will be prompted again with “Do you want to turn off System Restore?”; click Yes. (This will take a few minutes.)
 
2nd - Download and Install the Microsoft Patch for Windows XP
http://www.richline.cc/conficker/kb958644.exe
 
3rd - Download and Install the latest Java build
http://www.richline.cc/conficker/jre613.exe
 
4th - Download and Install the latest Adobe Reader
http://www.richline.cc/conficker/AdbeRdr910.exe
 
5th - Download and Install MalwareBytes
http://www.richline.cc/conficker/mbam.exe
 
6th - Download and Install the latest update for MalwareBytes
http://www.richline.cc/conficker/mbam-rules.exe

7th - Run a MalwareBytes FULL SCAN!!!
If MalwareBytes finds any infections, Quarantine or Delete them. MalwareBytes might need to reboot your machine; please allow it to reboot and finish the scan.

©2007 Richline Technical Services LLC.