1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Conflicker

Discussion in 'Computer Security' started by greenbrucelee, Feb 18, 2009.

  1. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    If you are running McAfee you must be running version 8.7 to protect against this virus.

    A rival company of ours who use the same type of system to produce their papers had 10000 machines affected because they were running version 8. This is confirmed in the McAfee forums.:D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  2. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Nonsense

    The version of the McAfee scanner has nothing to do with removal of Conficker. Problems removing conficker relate to dat files being unable to cope with the way conficker morphs (signature-based AV is on the way out for this very reason - the need to retain immense libraries of signatures against every variant of every threat known), the account used to run cleanup/removal tools having escalated privileges (and thus enabling the worm to propagate further through the network), removal needing to be run in safe mode to properly disinfect the machine and general laziness regarding patching of systems - the patch that prevent conficker infection in the first place is four months old!

    I have personally attempted to infect machines on my test network at home with several versions of Conficker - all of them running the patch, but some having VirusScan 8 and others 8.5. None of the test infections were successful - because the machines are all patched up with the latest Windows Updates - and McAfee detected and deleted/quarantined every attempt I made to infect those machines.
     
    Certifications: A few
    WIP: None - f*** 'em
  3. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    weird:blink we were informed that if PCs were not update Windows wise then 8.7 must be used. Apparently at our rival it took over the AD servers and just wiped everything else out.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  4. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Sounds like you're in the right company then! Pound to a penny they haven't patched for about a year. Still not seen a single infection on any of the networks or machines I manage.
     
    Certifications: A few
    WIP: None - f*** 'em
  5. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    My IT lot are a joke, there's four people for 1000 machines one of them has told us she's coming to ghost the dying pc I am typing on now and replace it with another, this was a week ago. She been saying this everyday.

    Half our pcs have had the update symbol on them for weeks if not months. There's only one IT bod that does anything.

    EDIT: and they me doing stuff for no extra pay.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  6. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    You're getting valuable experience, which, in my opinion, is worth far more than a couple grand a month. Long term, you'll be in great shape, GBL.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  7. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Extra work? No pay?

    Welcome to IT :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...