Good point. I should have brought that up. I have been able to do that consistently almost every time. That's part of how we have been testing AV software.
> -----Original Message----- > From: Glen Johnson [mailto:[email protected]] > Sent: Friday, March 20, 2009 1:35 PM > To: NT System Admin Issues > Subject: RE: April 1st Conflicker Version C to erupt > > I can definitely confirm that a patched machine can get infected from > an > infected flash drive. > > > -----Original Message----- > From: Kennedy, Jim [mailto:[email protected]] > Sent: Friday, March 20, 2009 1:25 PM > To: NT System Admin Issues > Subject: RE: April 1st Conflicker Version C to erupt > > FWIW I have not seen any AV that will 100 percent remove it. Most/All > of > them blow the virus up enough that it isn't running or attacking other > machines/user accounts but enough traces are left behind that it will > still trigger a positive on the next AV scan..... > > Over on the Vipre list one of the people from Sunbelt confirmed that > you > can be patched and still get nailed. I forget his wording but that was > what I got from the post. > > > > -----Original Message----- > > From: Ziots, Edward [mailto:[email protected]] > > Sent: Friday, March 20, 2009 1:16 PM > > To: NT System Admin Issues > > Subject: RE: April 1st Conflicker Version C to erupt > > > > Weird part is I was patched for MS08-67 on these servers reported > > infected and still the AV is showing infection results. Shouldn't be > > vulnerable if you have already applied MS08-067, weirdness. > > > > Z > > > > Edward Ziots > > Network Engineer > > Lifespan Organization > > MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + > > [email protected] > > Phone:401-639-3505 > > > > -----Original Message----- > > From: Kennedy, Jim [mailto:[email protected]] > > Sent: Friday, March 20, 2009 11:52 AM > > To: NT System Admin Issues > > Subject: RE: April 1st Conflicker Version C to erupt > > > > MS and the Anti-Virus vendors have really have let us down on this > one. > > > > > > > -----Original Message----- > > > From: Ziots, Edward [mailto:[email protected]] > > > Sent: Friday, March 20, 2009 11:37 AM > > > To: NT System Admin Issues > > > Cc: [email protected] > > > Subject: April 1st Conflicker Version C to erupt > > > Importance: High > > > > > > Folks, > > > > > > Seeing quite a bit of activity with Conflicker, and on April 1st > > > according to the following site. Its going to erupt with a lot of > > > malicious activity ( port 80 outbound, P2p, mass infection, so > > > definitely get your systems patched, and AV, Signatures, HIPS > > updated) > > > Just dealt with a bout of this worm today. > > > > > > http://mtc.sri.com/Conficker/addendumC/ > > > > > > Sincerely, > > > Z > > > > > > Edward Ziots > > > Network Engineer > > > Lifespan Organization > > > MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + > > > [email protected] > > > Phone:401-639-3505 > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
