Another Threat Alert for Your Immediate Attention –  WIN32/CONFICKER Worm

A service to all Praxis Data Systems Clients!!

Another well-publicized Virus threat raises a new cause for concern.  HOWEVER...for all of our clients currently under the complete Praxis NETCARE Managed Services Program, we have you covered!   As part of our NetCare Management System we have automatically pushed-out three removal tools from three of the largest anti-virus companies to detect and clean systems that have the Conficker.C worm. In addition, we have added the MS08-067 security update to our patching policy so all machines on Netcare will automatically have the patch installed if it is not already. Conficker exploits the Windows Server service (SVCHOST.EXE) vulnerability outlined in Security Bulletin MS08-067.

We strongly recommend to any clients or prospective Praxis Data clients who are not currently on the “Complete” Netcare System, that you please read the following information and implement the instructions below to help minimize the risk of this threat. While those on our NetCare should familiarize themselves with the threat, you need not install anything as we have done this for you.  All others will need to follow the manual procedures in order to protect your systems.

The below is an excerpt describing the threat and a link for its removal. As threats such as this are constantly knocking at the door of your network, we again offer this simple advice for protecting your system, your business and minimizing your risk of data/financial loss:

1. Be certain that you have the latest version of your AntiVirus installed and the most current AntiVirus Definitions and your backup system is working!
2. Be certain that your Operating System and Browser are up-to-date with all critical security updates and patches.
3. If you do not yet utilize a commercial-grade firewall such as a Sonicwall, CISCO, Watchguard…get one NOW! Using the Comprehensive Gateway Security Suite also substantially enhances the effectiveness of your firewall and increases your protection!

If you have ANY questions as to the status of the above on your network,
Please call Praxis Data immediately for a Network Check or evaluation!
(856) 679-2256

For customers NOT on NetCare this becomes a manual process. You must ensure that you have the MS08-67 patch, and the Conficker removal tools should be run on each computer.

What is the Conficker Worm/Virus?

Win32/Conficker is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Depending on the specific variant, it may also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files.

Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.

Conficker Worm: Help Protect Windows from Conficker
http://technet.microsoft.com/en-us/security/dd452420.aspx

What is Conficker and how does it work?
Conficker is a worm, also known as Kido or Downadup, that cropped up in November. It exploits a vulnerability in Windows that Microsoft patched in October.

Conficker.B, detected in February, added the ability to spread through network shares and via removable storage devices, like USB drives, through the AutoRun function in Windows.

Conficker.C, which surfaced earlier this month, shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan. It also reaches out to other infected computers via peer-to-peer networking and includes a list of 50,000 different domains, of which 500 will be contacted by the infected computer on April 1 to receive updated copies or other malware or instructions. Previous Conficker variants were written to connect to 250 domains a day.

Among the domains targeted by Conficker was that of Southwest Airlines, which was expected to see an increase in traffic from the botnet on March 13. But a Southwest spokesman said the worm had had no impact on the site.

DO NOT ATTEMPT TO REMOVE VIRUSES UNLESS YOU HAVE BOTH A BACKUP OF YOUR SYSTEM/DATA AND EXPERIENCE WORKING WITH THE SYSTEM REGISTRY!!! ONE WRONG KEYSTOKE AND NOT HAVING A BACKUP CAN CRIPPLE YOUR SYSTEM AND YOUR BUSINESS!!!

CALL PRAXIS DATA SYSTEMS TODAY FOR ALL
OF YOUR NETWORKING, SECURITY & BACKUP NEEDS
(856) 679-2256

This email is being sent to %EMAIL% from [REMOVED]. You have received this email because you are a client of Praxis Data Systems or have otherwise signed up to receive updates and notices from Praxis Data Systems. To opt out of future marketing communication from Praxis Data Systems, click on or paste the following link into your browser: [REMOVED]

Praxis Data Systems, Inc. :: 4 Foster Avenue, Suite C, Gibbsboro, NJ 08026 :: (856) 679-225