Every few years it seems like a massively virulent worm makes its way around the internet, and certainly this year is no exception.  The worm that everyone has been talking about the last few weeks is the Conficker Worm (Conficker.C to be precise, as this is the third variant of this worm).  This little piece of code does a lot to hide itself and takes advantage of a flaw in unpatched Windows systems.  It has the potential to be very nasty and can quickly spread around a network (and beyond) if left unchecked. 

Over 15 million PCs have reportedly been infected, and all of these suspected infections are supposed to kick in and “phone home’” on April 1st.  What happens when all these machines start phoning home?  No one knows for sure since it hasn’t happened yet, but the general consensus is that one goal may be to create a giant distributed computing environment that can be used for many different purposes; from spamming to snooping, collecting data, logins and passwords, sensitive information and so forth.  Another potential use would be a large-scale Distributed Denial of Service attack (DDOS attack).

Most of the Anti-Virus companies out there have been talking about conficker for weeks or more, and offer ways to keep your systems updated.  Make sure whatever anti-virus package you use, you keep updated.  Also install all the latest patches and/or service packs for your operating system (Mac users don’t have to worry about conficker unless you’re running Windows in a virtual machine or dual booting (i.e. bootcamp)).

Another great weapon against worms like conficker is the free DNS service called OpenDNS (www.opendns.com).  We’ve talked about OpenDNS before and how it can keep your browsing safer and more secure.  They’re an excellent service that enables you to fine tune your DNS and control what your users (or children) can and can’t get to.

OpenDNS has been actively updating their blocklist to include all the domains conficker may try to contact.  Worms like conficker, once activated, contact sites on the internet to get further instructions on what do to, where to go, etc.  Conficker.C supposedly generates some 50,000 domain names a day so trying to keep up with your own blocklist by hand would be a daunting, if not impossible task.

That’s one of the beautiful things about OpenDNS, is that they keep those blocklists updated for you.  By blocking access to those domains at the DNS level, you can effectively shut out any possibility (or most possibilities) of the worm actually being able to do anything.

So to protect yourself, some things to consider:

1. Update your anti-virus programs as soon as possible
2. Ensure real-time scanning is enabled on your Anti-Virus programs
3. Install all hotfixes, patches and updates
4. Turn on firewalls if appropriate (at the router or perimeter as well as individual machines – Again, do so where appropriate and make sure doing so doesn’t break any critical applications or connectivity)
5. Utilize a service like OpenDNS that blocks the vast majority of threats like the Conficker worm at the DNS level

Following these steps can go a long way to preventing the spread of worms, viruses and other general nuisances.

If you have a method or tool you use to keep your networks safe, please feel free to share!

Over at ZDNET.com, they have a new post reviewing the newly leaked 7057 build of Windows 7.  While not the official Release Candidate 1 (RC1) build, they [and other sites] claim the UI has been cleaned up quite a bit, new themes and avatars added, and other graphical polishings that would would lead one to think the Release Candidate is right around the corner.

Others have posted some new screenshots, updates and information on the new build as well, including Paul Thurrott’s Windows Supersite.  Paul’s website is a wealth of information on all things Microsoft and definitely worth checking out if you haven’t been there before.

What does this mean in the grand scheme of things?  Basically it means the Release Candidate (RC1) is getting closer (rumor has sometime in April) and each successive leaked release gives you a closer hint at how this new OS is going to perform.

As an IT professional, it’s always good to get a jump on what’s coming down the pike so you can test things like application, driver and component compatibility.  At this stage a beta doesn’t really help in those areas, but it does prepare you with regard to the overall look and feel, where things are located, nuances with the user interface, imaging requirements, tweaks, etc. 

I haven’t had time to really spend with the new build, but I wanted to let everyone now about it and also get some feedback.  If you’ve been using it (or any Windows 7 build) leave a comment and let everyone know your thoughts.

• Do you like Windows 7 compared to Vista or Windows XP?
• Are you planning on upgrading your personal computer, or if you’re an IT person – upgrading your company
• What enhancements would you like to see that aren’t there?

Palaestra Training is pleased to announce that we have a new trainer joining the company.  Koren Archibald, a Cisco Certified Instructor and Cisco Security expert will be bringing her vast knowledge and expert training skills to our Cisco CCNA: Security video training series scheduled for release in mid-May 2009.

Koren has been training and consulting in the most dynamic environments for over 10 years. She has worked and trained people across a wide spectrum of industries including government, commercial, secure, and extremely large network infrastructures. Koren is also a Microsoft Certified Trainer and consultant with a remarkable ability to convey information clearly and creatively in a technical environment.

She is the president of Wise Technical Innovations in Norfolk, Virginia and her company specializes in the following:

• Creating Cisco secure environments
• System Center Configuration Manager 2007
• SMS
• Project Server 2007 deployments in multi-site environments.

She is well-known for providing tailored solutions that are a perfect blend of training and consulting and Palaestra Training is excited to be able to provide that perfect blend of technical expertise and engaging presentation skills to our students and customers.

Other certifications Koren holds:

• Cisco Certified Systems Instructor #30837
• Cisco CCNA
• Cisco CCNP
• Microsoft MCSE on 2003, 2000 and NT 4.0
• Microsoft Certified Trainer (MCT)
• MCTS Windows Server 2008 Active Directory & Applications Infrastructure
• MCTS Windows Server 2008 Network Infrastructure & Windows Vista
• MCTS Microsoft Office Project 2007
• IT Project+
• Network +