JRDN
Jason Roysdon dot Net

How secure is your network?

March 31st 2009 in Networking, Security

Conficker is set to start its new "upgrade" right now, beginning in the GMT timezone and rolling around the world as April 1st starts. All PCs infected with Conficker will attempt to get new instructions; what happens next depends on how well crafted those instructions are and how many infected or unpatched PCs there still are.

End users can do quick tests such as the ones listed at US-CERT. Specifically, try to go to these three sites; if your system cannot access them, most likely you have a version of Conficker:
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
http://www.mcafee.com

If you're a network administrator, there are many things you can do to proactively protect your network. Network Associates' McAfee and Symantec's antivirus products offer centralized management, which allows you not only to centrally deploy and enforce deployment of antivirus but also to check the status of systems. Any system that hasn't checked in and downloaded updates within the last week is probably infected with Conficker or another disabling virus or trojan.

I've seen a number of USB thumb drives and external hard drives infested recently. The most dangerous cases I've seen are outside vendors with infected USB devices who are working on servers, and often these servers can't be patched or rebooted without major headaches (maintenance windows, etc.).

Some simple suggestions here would be to only connect those USB devices to secured hosts that are fully patched, running as non-Local Administrator accounts, and with Autorun fully disabled. These two sites discuss what is needed to disable Autorun:
Use this workaround, as the regular Autorun disable didn't work right:
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
Or install this update and set the value to 0xFF:
http://support.microsoft.com/kb/967715

Other things you can do to protect your network include using Windows Server Update Services (WSUS) to make sure all of your Microsoft Windows systems get the critical patches they need, but on your own timetable, so that critical systems aren't patched willy-nilly via WindowsUpdate.microsoft.com.

You can deploy a proxy server and allow only it direct internet access, and then have your network firewall block all other internet access from inside hosts. Most viruses/trojans don't bother with (or want to use) the proxy settings and will try to go to the internet directly. Reviewing your network firewall logs will show all of these attempts, and the offending systems can then be tracked down and cleaned using tools like Network Authority Inventory.
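As an added example (not part of the original post), here is a small Python script that does the firewall log review described above: it reads constructed deny lines and reports which inside hosts tried to reach the web directly instead of through the proxy. The log line format, the 10.0.0.0/8 inside range and the proxy address 10.0.0.5 are all assumptions.

```python
"""Find inside hosts that try to reach the internet directly, bypassing the proxy."""
import ipaddress
import re
from collections import Counter

# Assumed layout: only the proxy is allowed out directly; everything else inside is denied.
INSIDE_NET = ipaddress.ip_network("10.0.0.0/8")
PROXY_IP = ipaddress.ip_address("10.0.0.5")
WEB_PORTS = {80, 443}

# Constructed sample log; the "ACTION src= dst= proto= dport=" format is an assumption.
SAMPLE_LOG = """\
2009-03-31 23:58:01 DENY src=10.1.2.34 dst=203.0.113.10 proto=tcp dport=80
2009-03-31 23:58:02 ALLOW src=10.0.0.5 dst=203.0.113.10 proto=tcp dport=80
2009-03-31 23:58:05 DENY src=10.1.2.34 dst=198.51.100.7 proto=tcp dport=443
2009-03-31 23:58:09 DENY src=10.1.7.200 dst=198.51.100.7 proto=tcp dport=80
2009-03-31 23:58:11 DENY src=10.1.2.34 dst=192.0.2.44 proto=tcp dport=80
2009-03-31 23:58:13 DENY src=10.1.7.200 dst=192.0.2.44 proto=udp dport=53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def direct_web_attempts(log_text):
    """Return {inside_host: count} of denied direct web connections that bypassed the proxy."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "DENY":
            continue  # skip unparseable lines and permitted traffic
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        # Count only inside sources other than the proxy heading outside on a web port.
        if src not in INSIDE_NET or src == PROXY_IP or dst in INSIDE_NET:
            continue
        if m["proto"] == "tcp" and int(m["dport"]) in WEB_PORTS:
            counts[str(src)] += 1
    return dict(counts)


if __name__ == "__main__":
    for host, n in sorted(direct_web_attempts(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{host}: {n} denied direct web attempt(s); track down and clean this host")
```

Hosts at the top of this list are the ones to check first; the proxy itself never appears because it is excluded by address.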

Finally, for the very technical, you can use Nmap to scan your network hosts to see if they're infected with Conficker. Details here, but the short version is that you'll need Nmap 4.85BETA5 and then scan for Conficker with:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]