As you may know, there is an unpleasant piece of malware called Conficker or Downadup, which has been in the wild, targeting Microsoft Windows computers since October 2008. Security researchers are now reporting that infected machines may collectively go into action on April 1, seeking instructions from a distributed infrastructure in a way that is difficult to anticipate or block. Here at Tufts we can see that more than 90% of those using the UIT managed Windows Server Update Services (WSUS) have been patched (with MS08-067) and likely maintain current anti-virus signatures which will prevent infection. As you might expect, those who are at greatest risk do not use an FSP supported image/configuration, do not use windows updates or antivirus, and run with excessive privilege; however, others may become victims as well.
Some of the symptoms that a host is infected include: disabled firewalls, the inability to update patches or the inability to reach security websites. Please be sure your support team is aware of these symptoms. UIT will be using its resources to monitor our Trend Micro Antivirus consoles, our WSUS server for new updates, our Intrusion Detection System, and private security email lists.
In the next few days, UIT Information Security will distribute a basic Conficker preparation and remediation program, but we wanted to begin to spread the word to raise awareness of this important issue now, even though the software is mutating into new variants. In addition, you may find the following advanced information from SANS useful:
From the SANS Institute - http://isc.sans.org/diary.html?storyid=5860
Wikipedia Conficker information - http://en.wikipedia.org/wiki/Conficker
If you have any questions or are interested in learning more about how to pro-actively address this potential security issue, contact the UIT Support Center at uitsc@tufts.edu or call 73677.
Thanks,
UIT Information Security