LANDesk Patch News Bulletin: LANDesk Security Threat ST000208 for Conficker/Downadup/Kido 26-JAN-2009

Version 6

    LANDesk Security and Patch News  

     

    Update

    (November 23, 2009) ST000208 has been removed from LANDesk content. When this security threat was first released there was a specific detection method that was implemented to determine if a machine was infected. With the latest variants of this virus the original detection method was no longer accurate. A modified approach was used that would scan a machine to see if the latest KIDO Killer utility had been run on  a machine. The results would be that on the first scan virtually all machines would be detected since the KK utility would not have been run on the machine. This potential false positive has caused multiple support calls, so ST000208 has been remove from LANDesk content. For a comprehensive approach to defending and removing KIDO please see the following community bulletin:

     

    Using LANDesk Security Suite and Endpoint Security solutions to combat the Kido virus and other malware

     

    http://community.landesk.com/support/docs/DOC-7145      

          

    Headlines      

    (January 26, 2008) The worm known as, Conficker, Downadup, Kido, or Net-Worm.Win32.Kido (Kaspersky variant) exploits a critical vulnerability ( MS08-067) in Microsoft Windows to spread via local networks and removable storage media. The worm disables system restore, blocks access to security websites, and downloads additional malware to infected machines. LANDesk has created Security Threat ST000208 which will detect and remediate the infection using a specialized tool from our AV partner, Kaspersky. For now the tool works only on NTFS partitions, FAT32 file system is not supported yet. The tool does not detect active virus on FAT32.

     

    More information, see the following links:

     

    http://support.kaspersky.com/wks6mp3/error?qid=208279973

           

     

    http://www.viruslist.com/en/alerts?alertid=203996089

     

          

          

      New Vulnerabilities  

    ·      ST000208

        

          

      Changed Vulnerabilities  

    ·      Vulnerability ID – N/A

          

          

      New Patch Downloads  

    ·      N/A

          

      Where to Send Feedback  

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.

     

     

     

    Best regards,

    LANDesk Product Support

     

     

     

    Copyright © 2009 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.

    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law,     including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit     http://www.landesk.com/.