Viscous Malware Prevention- Downadup/Conflicker Worm

There have been numerous reports about a hard to clean worm hitting networks. The attacks were first hitting overseas networks, and now I am seeing reports  here in the US. There was an extensive eye-witness account on the SANS Advisory Board mailing list (disclosure, I am a member of the SANS Advisory Board). I also have reports from collogues on how difficult it is to remove the Downadup/Conflicker Worm, due, in part to it’s morphing behaviour.

One of my collogues believes that one successful attack orginated from a USB thumb drive that was infected, and then brought into the corporate network. I have talked about the issues of removable media security on the Data Security Podcast.

If you have not already considered security software that protects, controls, audits, logs and encrypts thumb drives – NOW IS THE TIME. The time and labor costs to repair the damage from one attack more than outweighs the cost of security. I also recommend preparing some tools and procedures in the event you do get hit, unless you already have a good incident response plan.


One Response to “Viscous Malware Prevention- Downadup/Conflicker Worm”

  1. laforge129 Says:

    I find that you should always disable the autorun feature in Windows. Talked about this and much more on my website. You should also think about downloading Clone Of Autopatcher that way you can install the needed updates to Microsoft without the need of an internet connection. This worm has been known to disable auto updates for Windows, this is my recommendations to better prevent yourself from getting a virus. I’ve got even more Virus tips and tricks on my site if anyone want to check it out!!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: