I have been working in IT since 2001 for companies such as Computacenter and Getronics. I started out as a first line support analyst supporting heterogeneous networks but rapidly worked my way up the ranks expanding my knowledge as I went to include areas such as system builds, deployments, networking, and security to name a few.In 2008 I decided to concentrate on the monitoring and management of large enterprise networks using Microsoft's System Center Operations Manager (OpsMgr) 2007 of which I have extensive knowledge. As testament to this the Windows Management User Group (WMUG), invited me to join their ranks as a Community Leader where I have been invaluable in helping to bolster the OpsMgr skills to the benefit of the group and it's members.I have now moved into an OpsMgr 2007 consultancy role to do what I like most - working with OpsMgr and sharing my knowledge and experiences with the community.
Based on feedback from MVPs and other sources, we are concerned about the rise in reported infections due to the worm Win32/Conficker.B also known as “Downadup.” Though systems which have already applied the out-of-band released MS08-067 in October 2008 are protected, unpatched system user have experienced system lockout and other problems.
Last week, we released a version of the Malicious Software Removal tool (MSRT) that can help remove variants of Win32/Conficker and other resources. Please share this information in your communities to help address this threat.
Win32/Conficker.B exploits a vulnerability in the Windows Server service (SVCHOST.EXE) for Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows 2008. While Microsoft addressed this issue in October with Microsoft Security Bulletin MS08-067, and Forefront antivirus and OneCare (as well as other vendor’s anit-virus products) helped protect against infections, many systems that have not been patched manually through Server Update Services and Microsoft/Windows Update or through Automatic Updates have recently come under attack by this worm. Attacked systems may lock out users, disable our update services and block access to security-related Web sites:
In response to this threat, Microsoft has:
· Updated the January version of the MSFT to detect and remove variants of Win32/Conficker.B. You can download this version from the MSRT from either the Microsoft Update site or through its associated Knowledge Base article.
· Created the KB article 962007 “Virus alert about the Win32/Conficker.B worm” to provide public details on the symptoms and removal methods available to address this issue.
· Announced the release of the items and the virus threat itself on the Microsoft Malware Protection Center blog.
It is our hope that these resources can assist you in resolving issues with unpatched, infected systems and that you can apply MS08-067 to any other unpatched systems as soon as possible to avoid this threat.