Sunday, March 29, 2009

US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-088A


Conficker Worm Targets Microsoft Windows Systems

Original release date: March 29, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows


Overview

US-CERT is aware of public reports indicating a widespread
infection of the Conficker worm, which can infect a Microsoft
Windows system from a thumb drive, a network share, or directly
across a network if the host is not patched with MS08-067.


I. Description

The presence of a Conficker infection may be detected if a user is
unable to surf to the following websites:

* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com

If a user is unable to reach either of these websites, a Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the
infected system should be removed from the network. Major
anti-virus vendors and Microsoft have released several free tools
that can verify the presence of a Conficker infection and remove
the worm. Instructions for manually removing a Conficker infection
from a system have been published by Microsoft in
http://support.microsoft.com/kb/962007.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system.


III. Solution

US-CERT encourages users to prevent a Conficker infection by
ensuring all systems have the MS08-067 patch (part of Security
Update KB958644, which was published by Miscrosoft in October
2008), disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
maintaining up-to-date anti-virus software.


IV. References

* Virus alert about the Win32/Conficker.B worm -
<http://support.microsoft.com/kb/962007>

* Microsoft Security Bulletin MS08-067 - Critical -
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

* Microsoft Windows Does Not Disable AutoRun Properly -
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

* MS08-067: Vulnerability in Server service could allow remote code
execution -
<http://support.microsoft.com/kb/958644>

* The Conficker Worm -
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

* W32/Conficker.worm -
<http://us.mcafee.com/root/campaign.asp?cid=54857>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-088A Feedback VU#827267" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

March 29, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSdAg4XIHljM+H4irAQJ16Af9G3xHegmJB2Nx9u6J3kl8un/2Tz5J40sr
DW/GTU0rvHtXDg/2Xs3Gv2IHYWqBRWG6HjZ1FbuTWbBqHvlWk0QVrjeeihNeXElP
hp+ZRN6y+tHDCPRz1XT2YLE3zDldLv4v2c9YmsIEVdICiQZYe6Y/ECKNDWXcUzNt
EweRdI6/ZsAnyfZU24TxESH0L2/vQ4Qb3bRReCcVK4SWhno4cewsiiM5eAXs2EOP
VcSH6UnEE2V/841IHcCV9i5NM7aO2VDvh1lolsr/HvpWROThKslLX/FO2nIdA78d
ktvdaddRdHhJAWOkErlT8cj3nGXj0g2H1HQcDK8Nua/gEc2zOfog/Q==
=sk7E
-----END PGP SIGNATURE-----

California Fire News - Updates in your mail box

California Fire News - Updates in your mail box

Link to California Fire News - Structure, Wildland, EMS

Bonehead News: DHS Fire department unnecessarily involved in raids

Posted: 29 Mar 2009 06:51 AM PDT

Gangsta being booked at Firehouse

Operation Falling Sun - In a massive crackdown on gang activity Federal, State and local law enforcement conducted a huge series of raids arresting 120 suspects in a manner of hours in the community of Desert Hot Springs on Friday.

Nearly 700 federal, state and local police officers targeted 450 known and suspected gang members in neighborhoods throughout Desert Hot Springs.

By midday Friday, more than 120 people were arrested.

The cost of Operation Falling Sun was estimated at $2.5 million

But in a Bonehead award winning move Law enforcement felt compelled to involve the Fire Department in the raids by using a fire station as a booking center.

Unnecessary law enforcement assistance such as this is just asking for trouble, from a retaliatory driveby shootings to the simple perception of firefighters being law enforcement the outcome cannot be a positive one.

Why did the DHS Fire Chief allow his department to be used like this?

Police bring suspected gang members into a DHS fire station for processing after rounding them up Friday during a multi-agency raid.

Police bring suspected gang members into a Desert Hot Springs fire station for processing after rounding them up Friday during a multi-agency raid.

Photo credit: Jay Calderon The Desert Sun
Full story at: www.mydesert.com - Link

Wildland Firefighter Foundation News: 5th Annual Family Day

Posted: 28 Mar 2009 07:58 PM PDT

Family Fire 2009 Registration

Family Fire
Please join us for the 5th Annual Family Day presented by the Wildland Firefighter Foundation. The two day event will be held at the WFF and across the street at the National Interagency Fire Center. WFF is located at 2049 Airport Way, Boise ID 83705. Map it.

SATURDAY, MAY 16 & SUNDAY, MAY 17, 2009
Smokey Bear / Kids Activities / Wildland Job Demonstrations /Breakout Sessions / Healing Ceremonies / Firefighter Recognition / Monument Ceremony

ATTENDING? Please fill out this form, and mail, fax, or email to the Foundation by May 10, 2009. Include name(s) of everyone who will be attending and ages of children.

HOTELS IN THE AREA - ASK FOR GOVT RATE.
Please let us know how we can assist you!

Oxford Inn (208) 322-8000 (Vicki recommends this place!) It is a great place for kids with game world, theaters and paintball close by.
Best Western Vista Inn: (208) 336.8100
Sleep Inn (208) 336.7377
Inn America (208) 389.9800
Comfort Inn (208) 336.0077
Best Western Airport Inn (208) 384.5000
Holiday Inn (208) 343.4900

QUESTIONS?
Read more about family fire here.
Call Julie @ 208.869.6195 or WFF @ 208.336.2996

More information: Wildland Firefighter Foundation - Link

This posting includes an audio/video/photo media file: Download Now

CNN.com

News: Breaking News -- MercuryNews.com

AP Top U.S. News At 8:45 p.m.