
Astaro Patterns: Controlling Conficker Worm

With the recent media attention on the Conficker Worm, many customers have general questions regarding this threat. The short version: Astaro installations with HTTP Virus protection via the Web Security package have been protected against the HTTP download distribution (such as variant C) of this worm since January.

However, because this Worm can spread in multiple ways, such as the TCP and UDP transfer of the payload, Virus scanning at the gateway should be bolstered by Intrusion Protection to offer a more complete security defense against Conficker. Read on for details as to how Astaro can aid you in fighting this worm!

New IPS Rules
Astaro Global Pattern Up2Date #9422 adds two new Intrusion Protection Rules, numbers 2000011 and 2000022, which are designed to identify and stop code execution of Conficker variants A and B respectively. If you have automatic pattern Up2Dates enabled (the default), this protection will be added automatically during the next few minutes. If you are not using the automatic feature for patterns, please perform a manual pattern Up2Date.

Ensure You Are Protected
To ensure you are protecting your network using these new patterns, in WebAdmin go to Network Security --> Intrusion Protection, then the "Attack Patterns" tab. From there, ensure the pattern group "Windows" under Operating System Specific Attacks is checked, and the action is set to "Drop".

Forensic Information via Logs
In the logging system for Intrusion Protection, if you would like to search for Conficker A/B attacks, simply search for the appropriate rule ID. When a pattern is recognized, the logfile entry will look like one of the following:

1. A conficker.a shellcode with SID 2000011 Group 110
2. "A conficker.b shellcode" with SID 2000022 Group 110
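The rule-ID search described above can be scripted to show which source hosts triggered each rule, so the machines that need cleaning stand out. This is an added example, not Astaro code: the SIDs and variant names come from this post, while the `sid="..."` and `srcip="..."` field layout and every sample line are constructed assumptions.

```python
import re
from collections import defaultdict

# Rule IDs and variant names are taken from the post.
CONFICKER_SIDS = {"2000011": "conficker.a", "2000022": "conficker.b"}

# Assumption: the SID appears as sid="N" or as the text "SID N", and the
# source address, when logged, as srcip="a.b.c.d".
SID_RE = re.compile(r'\bsid(?:="?|\s+)(\d+)', re.IGNORECASE)
SRC_RE = re.compile(r'\bsrcip="?(\d{1,3}(?:\.\d{1,3}){3})')

# Constructed sample lines, not real gateway output.
SAMPLE_LOG = """\
2009:04:02-09:14:07 gw ips: action="drop" group="110" srcip="10.0.4.23" dstip="10.0.4.80" sid="2000011"
2009:04:02-09:14:09 gw ips: action="drop" group="110" srcip="10.0.4.23" dstip="10.0.4.81" sid="2000011"
2009:04:02-09:15:30 gw ips: action="drop" group="110" srcip="10.0.7.5" dstip="10.0.4.80" sid="2000022"
2009:04:02-09:16:02 gw ips: action="drop" group="120" srcip="10.0.9.9" dstip="10.0.4.80" sid="2000110"
A conficker.b shellcode with SID 2000022 Group 110
"""

def conficker_hits(lines):
    """Return {variant: {source_ip: hit_count}} for lines matching either rule."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        # Compare the whole SID so that e.g. 2000110 is not mistaken for 2000011.
        matched = [s for s in SID_RE.findall(line) if s in CONFICKER_SIDS]
        if not matched:
            continue
        src = SRC_RE.search(line)
        # Lines without a source address are still counted, under "unknown".
        source = src.group(1) if src else "unknown"
        hits[CONFICKER_SIDS[matched[0]]][source] += 1
    return {variant: dict(sources) for variant, sources in hits.items()}

if __name__ == "__main__":
    report = conficker_hits(SAMPLE_LOG.splitlines())
    for variant, sources in sorted(report.items()):
        # Noisiest sources first: these are the hosts to inspect.
        for source, count in sorted(sources.items(), key=lambda kv: -kv[1]):
            print(f"{variant}\t{source}\t{count}")
```
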

As always, if you have any questions about Astaro protecting you against Conficker, or any other threat, let us know on our Online Forums or place a ticket with Astaro Support.

Cheers,

The Astaro Product Management Team
