IT Security Alert: Conficker Worm
The widely publicized Conficker worm disables antivirus and operating system updates on infected computers. It may also infect computers using compromised files in Acrobat, Flash, Java and QuickTime. AU computers running Microsoft Windows on campus are largely protected from these vulnerabilities, because Cisco Clean Access checks to make sure antivirus and operating system software are kept up to date. However, it is also a good idea to check your system for vulnerabilities in other programs.
One tool that can be used is the Secunia Online Software Inspector, which is available from secunia.com/vulnerability_scanning/online/. The Secunia OSI will scan your computer and notify you of installed programs which may be vulnerable to Conficker and other exploits. A positive result on this scan does not mean you have an infected computer, only that you have a program that is vulnerable to infection. It will assist you with patching the insecure programs installed on your PC, which may expose you to security threats.
The Office of Information Technology is in the process of deploying a new tool to automatically update other vulnerable programs installed on university-owned computers. In the meantime, it is important to be vigilant about updating programs when they notify you that updates are available, such as Java and Flash updates.
For more information about Conficker, visit isc.sans.org/diary.html?storyid=6091.