Ouch. I love my application whitelists.

2009/11/20 Steve Kelsay <[email protected]>

> We got hit with it two weeks ago despite being fully patched and multiple
> layered defenses.
>
> We had Sunbelt check the files. A new variant, apparently. They built a
> tool to detect it and prevent further infections, but we had to run
> fseasyclean on all the machines and servers to get rid of it, then reboot
> each one. A real pain on the servers.
>
> *From:* Kelsey, John [mailto:[email protected]]
> *Sent:* Friday, November 20, 2009 8:34 AM
> *To:* NT System Admin Issues
> *Subject:* Conficker Help!
>
> Looks like we're getting hit with Conficker this morning. Sophos is
> reporting several hundred 'conficker detected/cleaned' messages, so at least
> it's catching it...BUT....how do I determine the source of the infection?
> Something I can look for with wireshark or something? Apparently there are
> some unprotected machines on the network.
>
> Any suggestions are welcome!
>
> John C. Kelsey
> DuBois Regional Medical Center

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
http://raythestray.blogspot.com
