Everybody is all excited about the return of Conficker on April 1, 2009, and the news media is whipping the general public up into a froth about it. Even my mom called me to ask about it.
Here’s the low-down…
PREVENTION:
- Apply the security update associated with MS08-067 (Windows 2000, XP, Vista & 2008).
- Make sure you are running up-to-date antivirus software.
- Check for updated protections for security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. The Microsoft Active Protection Program (MAPP) provides partners with early access to Microsoft vulnerability information. For a list of partners and links to their active protections, please visit the MAPP Partners page.
- Isolate legacy systems using the methods outlined in the Microsoft Windows NT 4.0 and Windows 98 Threat Mitigation Guide.
- Implement strong passwords as outlined in the Creating a Strong Password Policy whitepaper.
- Disable the AutoPlay feature through the registry or using Group Policies as discussed in Microsoft Knowledge Base Article 967715.
Microsoft released Security Advisory 967940 to notify users that the updates to allow users to disable AutoPlay/AutoRun capabilities have been deployed via automatic updating channels.
NOTE: Windows 2000, Windows XP, and Windows Server 2003 customers must deploy the update associated with Microsoft Knowledge Base Article 967715 to be able to successfully disable the AutoRun feature. Windows Vista and Windows Server 2008 customers must deploy the security update associated with Microsoft Security Bulletin MS08-038 to be able to successfully disable the AutoRun feature.
CLEANING INFECTED SYSTEMS:
- Use the Microsoft Windows Malicious Software Removal Tool (MSRT)
- or Malwarebytes
- or SuperAntiSpyware
Source: http://technet.microsoft.com/en-us/security/dd452420.aspx