I can definitely confirm that a patched machine can get infected from an infected flash drive.
-----Original Message----- From: Kennedy, Jim [mailto:[email protected]] Sent: Friday, March 20, 2009 1:25 PM To: NT System Admin Issues Subject: RE: April 1st Conflicker Version C to erupt FWIW I have not seen any AV that will 100 percent remove it. Most/All of them blow the virus up enough that it isn't running or attacking other machines/user accounts but enough traces are left behind that it will still trigger a positive on the next AV scan..... Over on the Vipre list one of the people from Sunbelt confirmed that you can be patched and still get nailed. I forget his wording but that was what I got from the post. > -----Original Message----- > From: Ziots, Edward [mailto:[email protected]] > Sent: Friday, March 20, 2009 1:16 PM > To: NT System Admin Issues > Subject: RE: April 1st Conflicker Version C to erupt > > Weird part is I was patched for MS08-67 on these servers reported > infected and still the AV is showing infection results. Shouldn't be > vulnerable if you have already applied MS08-067, weirdness. > > Z > > Edward Ziots > Network Engineer > Lifespan Organization > MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + > [email protected] > Phone:401-639-3505 > > -----Original Message----- > From: Kennedy, Jim [mailto:[email protected]] > Sent: Friday, March 20, 2009 11:52 AM > To: NT System Admin Issues > Subject: RE: April 1st Conflicker Version C to erupt > > MS and the Anti-Virus vendors have really have let us down on this one. > > > > -----Original Message----- > > From: Ziots, Edward [mailto:[email protected]] > > Sent: Friday, March 20, 2009 11:37 AM > > To: NT System Admin Issues > > Cc: [email protected] > > Subject: April 1st Conflicker Version C to erupt > > Importance: High > > > > Folks, > > > > Seeing quite a bit of activity with Conflicker, and on April 1st > > according to the following site. Its going to erupt with a lot of > > malicious activity ( port 80 outbound, P2p, mass infection, so > > definitely get your systems patched, and AV, Signatures, HIPS > updated) > > Just dealt with a bout of this worm today. > > > > http://mtc.sri.com/Conficker/addendumC/ > > > > Sincerely, > > Z > > > > Edward Ziots > > Network Engineer > > Lifespan Organization > > MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + > > [email protected] > > Phone:401-639-3505 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
