Jan 16, 2009
New Botnet Brewing?
There is a lot of buzz circulating right now about the worm associated with MS08-067, known as Conficker or Downadup by most malware protection vendors. Will this become the first huge Botnet of 2009? The infections thus far are reaching into the millions, and even with Microsoft having updated its removal tool for the malware itself, it is growing at an alarming rate.
SANS has done some research into the subject, and you can find other reports all over the place. Here is the latest from SANS: http://isc.sans.org/diary.html?date=2009-01-15
Dark Reading is covering the story as well here: http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900793
Coverage thus far by our vendors, ESET and Sophos, has been very good. However, the most important thing here is to apply the patch from Microsoft. I had a conversation with a security expert about how malware and patching are compared to each other in the event of an epidemic like this. Which one works the best?
Well, an unpatched system with the latest and greatest malware protection will not last long. A patched system will never get infected with the malware associated with that exploit. Hmmm, never. That sounds like the option I would go with.
Patch, patch, patch. Making sure those patches have been delivered and installed is also part of your success. Monitoring your outbound traffic even more closely during this time will pay off if this does turn into a monster Botnet. Pay close attention to SMTP this week and next; it can give you an early warning as to what may be lurking on your network.
David Feligno
Network Security Group, Inc
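One way to act on the outbound SMTP advice above, as an added example that is not part of the original post: the script flags internal hosts that contact external mail servers on port 25 directly instead of going through the approved relay. The log format, addresses, relay list and threshold are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed log format (constructed for this example, not a real product's):
#   <timestamp> <action> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def direct_smtp_senders(lines, internal_net, mail_relays, min_destinations=3):
    """Return {internal_host: distinct external port-25 destinations} for hosts
    that are not approved relays and reach at least min_destinations servers."""
    net = ipaddress.ip_network(internal_net)
    relays = {ipaddress.ip_address(r) for r in mail_relays}
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue  # unparseable line or not SMTP
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        # Only internal -> external SMTP matters; blocked attempts count too,
        # since a denied connection still shows the host tried to send mail.
        if src not in net or dst in net or src in relays:
            continue
        seen[str(src)].add(str(dst))
    return {h: len(d) for h, d in seen.items() if len(d) >= min_destinations}

# Constructed sample log lines (documentation address ranges for external hosts).
SAMPLE_LOG = """\
2009-01-16T09:00:01 ALLOW TCP 10.0.0.10:41000 -> 198.51.100.7:25
2009-01-16T09:00:02 ALLOW TCP 10.0.0.57:1045 -> 10.0.0.10:25
2009-01-16T09:01:10 DENY TCP 10.0.0.88:1201 -> 203.0.113.5:25
2009-01-16T09:01:11 DENY TCP 10.0.0.88:1202 -> 203.0.113.9:25
2009-01-16T09:01:12 ALLOW TCP 10.0.0.88:1203 -> 198.51.100.44:25
2009-01-16T09:01:13 ALLOW TCP 10.0.0.88:1204 -> 198.51.100.44:25
2009-01-16T09:02:00 ALLOW TCP 10.0.0.57:1046 -> 192.0.2.80:80
2009-01-16T09:03:00 ALLOW TCP 10.0.0.23:1300 -> 192.0.2.25:25
""".splitlines()

if __name__ == "__main__":
    hits = direct_smtp_senders(SAMPLE_LOG, "10.0.0.0/24", ["10.0.0.10"])
    for host, count in sorted(hits.items()):
        print(f"{host} contacted {count} external SMTP servers directly")
```

Counting distinct destinations rather than raw connections keeps a single misconfigured client from drowning out a host that is fanning out to many mail servers.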




