Thursday, October 01, 2009

Fighting things like Conficker

By Kristy Westphal | Sep 28, 2009

A lot of really good research has been published about malware like the Conficker worm: its many variants, its infection vectors, and speculation about what it will do next. What seems to be missing is the operational side of fighting Conficker. What signs would you expect to see, how do you really fight it, and what can you do to prevent it?

Here’s a fictional case study that may be of help.

Day one: Why is my account getting locked out?

You come in to the office thinking it's just another day in the security trenches, but when you try to log on to the network you notice your account is locked out. OK, no big deal, although a little odd. You could call the help desk, but you reset it yourself and head for a cup of coffee, when you realize a number of employees are wandering around mumbling about being locked out and complaining about a huge help desk queue.

OK, now something is smelling fishy. You start to check around and realize that accounts are being locked out all over the network. Time for your operational team to start doing some homework.
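As an added example (not part of the original article), here is Python that does the "homework" step: it sifts constructed account-lockout records for a single caller computer that locks out many distinct accounts within a short window, which is the pattern a defender separates from ordinary mistyped passwords. The one-line log format, the 10-minute window and the three-account threshold are assumptions; real Windows Security event 4740 records are multi-line and need their own parser.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: simplified one-line renderings of Windows Security
# event 4740 ("A user account was locked out"). The field names mirror the
# event's "Account Name" and "Caller Computer Name", but this layout is
# made up for the example; real events are multi-line text or XML.
SAMPLE_LOG = """\
2009-09-28T08:01:12 EventID=4740 Account=jdoe CallerComputer=WS-FIN-07
2009-09-28T08:01:15 EventID=4740 Account=asmith CallerComputer=WS-FIN-07
2009-09-28T08:02:40 EventID=4740 Account=mgreen CallerComputer=WS-HR-02
2009-09-28T08:03:01 EventID=4740 Account=bwong CallerComputer=WS-FIN-07
2009-09-28T08:03:58 EventID=4740 Account=clee CallerComputer=WS-FIN-07
2009-09-28T08:05:10 EventID=4740 Account=tnguyen CallerComputer=WS-ENG-11
2009-09-28T09:40:22 EventID=4740 Account=tnguyen CallerComputer=WS-ENG-11
2009-09-28T09:41:00 EventID=4624 Account=jdoe CallerComputer=WS-FIN-07
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<id>\d+) Account=(?P<acct>\S+) CallerComputer=(?P<host>\S+)$"
)

def parse_lockouts(text):
    """Return (timestamp, account, caller) for each 4740 event, sorted by time."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("id") != "4740":
            continue  # skip malformed lines and non-lockout events (e.g. 4624 logons)
        events.append((datetime.fromisoformat(m.group("ts")), m.group("acct"), m.group("host")))
    return sorted(events)

def find_lockout_storms(events, window=timedelta(minutes=10), min_accounts=3):
    """Flag caller computers that lock out >= min_accounts distinct accounts
    inside any sliding time window. A user fat-fingering a password locks
    only their own account; one host locking out many different accounts
    is what the operations team should chase first."""
    by_host = defaultdict(list)
    for ts, acct, host in events:
        by_host[host].append((ts, acct))
    storms = {}
    for host, hits in by_host.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward past stale hits
            accounts = {a for _, a in hits[start:end + 1]}
            if len(accounts) >= min_accounts:
                storms[host] = sorted(accounts | set(storms.get(host, [])))
    return storms

if __name__ == "__main__":
    for host, accts in find_lockout_storms(parse_lockouts(SAMPLE_LOG)).items():
        print(f"{host}: {len(accts)} accounts locked out -> {', '.join(accts)}")
```

In the sample, only WS-FIN-07 is flagged; WS-ENG-11 locks the same account twice an hour apart and stays below the threshold.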

