Vicious Malware Prevention: Downadup/Conficker Worm
There have been numerous reports about a hard-to-clean worm hitting networks. The attacks were first hitting overseas networks, and now I am seeing reports here in the US. There was an extensive eyewitness account on the SANS Advisory Board mailing list (disclosure: I am a member of the SANS Advisory Board). I also have reports from colleagues on how difficult it is to remove the Downadup/Conficker worm, due in part to its morphing behaviour.
One of my colleagues believes that one successful attack originated from a USB thumb drive that was infected and then brought into the corporate network. I have talked about the issues of removable media security on the Data Security Podcast.
If you have not already considered security software that protects, controls, audits, logs and encrypts thumb drives – NOW IS THE TIME. The time and labor costs to repair the damage from one attack more than outweigh the cost of security. I also recommend preparing some tools and procedures in the event you do get hit, unless you already have a good incident response plan.