These tools may be useful for infected systems that need to be cleaned prior to putting the MS08-067 security patch in place.
MS08-067 Conficker worm - Description
MS08-067 Conficker worm - F-Secure offers free removal tools
QUOTE: please read the text file included in the ZIP for additional details
Unfortunately there are still a number of home users and smaller businesses where folks are learning security patching lessons the hard way. In some cases consultants may have setup a small business and left the scene without implementing proper security. Security is a fundamental planning and design requirement in any IT solution. But often in quick-and-dirty implementations, it's after thought that's neglected or retrofitted in.
While MS08-067 vulnerabilities, exploits, and now Internet worms have been widely publicized, many users are still becoming victims. Making improvements in Security Patch Management for all Microsoft and non-Microsoft products will greatly improve protection in the coming year.
MS08-067 Conficker.B -- Just in time for New Year's
QUOTE: We've seen another resurgence of Worm:Win32/Conficker, this time as Worm:Win32/Conficker.B . We've already received a number of reports of this new variant from the wild from affected users.
Not surprisingly, a majority of the new infections we’re seeing are on machines that are yet to install the MS08-067 update (see our previous posts 'More MS08-067 Exploits' and 'A Quick Update About MS08-067 Exploits'). This new variant also spreads via network shares by attempting to log in to machines using a list of weak, common and predictable passwords. Make sure you install those patches guys and keep your anti-Virus solution up to date!
Based on current exposures and evolving new threats, this interesting article shares predictions for the coming year. While these threats may not fully evolve, they represent current risks that every corporation should assess and monitor during 2009
Internet Storm Center - Threat predictions for 2009
QUOTE: A collection of predictions about the future of security for computers, networks and information by Stephen Northcutt and friends.
A FEW EXAMPLES:
-- I predict that in 2009 a major corporation who is fully PCI/DSS compliant will experience a major data breach, proving the point that "Compliant" is not the same as "Secure".
-- There will be any number of people warning about MySpace, Facebook, Google Hacking etc in 2009-2010.
-- Encryption for portable storage devices will continue to be a significant challenge for organizations of all sizes
-- Michael Perry blogs that the Yellow Pages will not be useful in 2009, that it will all be done in Google. (e.g., and as many use Internet searches to look up information, there are fake or malicious sites returned in these searches)
-- VOIP security exploits will become more prevalent
-- Information security compliance laws will drive security product development.
-- The use of digital vaults will increase
-- Corporate management will become increasingly aware of intellectual property theft as an IT security risk
-- Personal devices, from the iPhone to personal GPS, are going to throw up so much interference there will be unprecedented
-- Wireless networks will continue to source attacks
-- Someone will unplug the Internet - We've danced around it for quite some time and have seen some examples (youtube.com went away briefly in 2008), but time has come for major meltdown.
-- More focus on data, less on the perimeter