Educause Security Discussion mailing list archives
Re: Conflicker/NMAP
From: David Harley <dharley () SMALLBLUE-GREENWORLD CO UK>
Date: Tue, 31 Mar 2009 17:33:46 +0100
Staying strictly vendor agnostic, despite the fact that I work for an anti-malware company:

* Any mainstream AV company should detect and remove known Conficker variants, in general. Some companies have standalone removal tools, but you guys shouldn't usually need them except as insurance: in fact no-one -should- need them except people who don't take any precautions at all.

* The honeynet tool (and one or two similar utilities) make(s) for a nice extra layer, especially when plugged into tools you use already: enough security mavens with access to millions of samples, like the guys in the Conficker Working Group, have had input to ensure they work pretty reliably.

* I'd imagine most of you have anti-malware, sound patching practice, network & vulnerability scanning and so on, which means that you're fairly low risk, though you probably can't lock down your systems as tight as some corporates. But that means it doesn't surprise me you're not seeing a lot of suspicious packets, though you might as the occasional remote device logs in.

* If you can restrict the use of USB devices and lock down Autorun, that not only helps with (some) Conficker, but lots of other malware that misuses that facility. In fact, even before Conficker, that group (and it includes all sorts of miscellaneous malware -types-) has been detected in very, very high volumes for a good while.

HTH...

--
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence, ESET (but not in marketing)
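As an added example that is not part of the original message: one way to check how far Autorun is actually locked down across a fleet is to audit the Windows `NoDriveTypeAutoRun` policy value collected from each host. The message does not name this value; the host names, sample values and the 0xFF baseline below are assumptions made for the illustration.

```python
# Added example: audit collected NoDriveTypeAutoRun values (constructed data).
# Bit meanings follow the Windows drive-type flags; a SET bit DISABLES AutoRun.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no-root-dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}
BASELINE = 0xFF  # assumption: site baseline disables AutoRun on every drive type


def parse_value(raw):
    """Accept '0xff', '255', or an int; return an int, or None if not set."""
    if raw is None or str(raw).strip() == "":
        return None
    if isinstance(raw, int):
        return raw & 0xFF
    return int(str(raw).strip(), 0) & 0xFF


def autorun_enabled_types(value):
    """Drive types whose disable bit is clear in the policy value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def audit(inventory):
    """Map host -> finding for every host that misses the baseline."""
    findings = {}
    for host, raw in inventory.items():
        value = parse_value(raw)
        if value is None:
            findings[host] = "policy value not set"
        elif value & BASELINE != BASELINE:
            findings[host] = "AutoRun still enabled for: " + ", ".join(
                autorun_enabled_types(value))
    return findings


# Constructed sample inventory (hypothetical host names and values).
SAMPLE = {"lab-pc-01": "0xff", "lab-pc-02": "0x91", "kiosk-07": None, "lib-12": "149"}

if __name__ == "__main__":
    for host, finding in sorted(audit(SAMPLE).items()):
        print(f"{host}: {finding}")
```

Hosts that report no value at all are listed separately from hosts with a partial mask, since the first means the policy was never applied and the second means it was applied with gaps.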