A New Internet "Worm" has infected over 9 million PCs!
It took a while for hackers to get their attack ready, but in the past week a new Internet Worm has infected an estimated 9 million PCs! Downadup, which also goes by the name "Conficker", exploits a bug in the Windows Server service used by all the common Microsoft operating systems: Windows 2000, XP, Vista, Server 2003 and Server 2008. Although Microsoft fixed the flaw with one of its rare "out of cycle" patch released on October 23, 2008 (http://www.ekaru.com/newsoctober2008.html) , an estimated 1/3 of all PCs have not yet been patched, according to Qualys, an Internet security company. The worm exposes PCs to potential hijack - full remote control! - which could be used to cause serious damage or theft. Follow this link to learn more from NetworkWorld.

The Microsoft patch is available at http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx.

Symantec has a removal tool posted on their web site: http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99

How do you know if your system has the right Microsoft Security Patch installed? Several people have asked us how they would know if their system is patched or not for Microsoft Security Bulletin MS08-067 (KB958644) (or any other patch for that matter). It's easy! Go to "Control Panel" / "Add or Remove Programs" / Click the box for "Show Updates" / Sort by date (makes it easier to find). You should see a reference to KB958644 with a date after 10/23/2008 if the new patch was installed.

Reminder - New Massachusetts Protection of Information Law - Deadline Extended to May 1, 2009.
If you haven't already starting planning for this, now is the time to get ready for the new Massachusetts Protection of Information law which goes into effect in a few months. The new law will affect just about all businesses in Massachusetts.:201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth

With some careful planning, we estimate that only a modest investment is needed to comply, so don't get scared by the published numbers on the mass.gov web site. The key areas that we see the biggest weaknesses are encryption of laptops (the deadline for encryption of other portable devices has been pushed out to January 1, 2010), and encryption of transmitted documents (plain email is NOT allowed). Other than this, enforcement of strong passwords may be a management challenge, but not a financial expense. The other technical requirements are good business practice that you should already be doing to safeguard your business from damage or theft. These practices include encryption of wireless networks, maintaining up to date security patches, antivirus software, and antispyware software, and restricting access to confidential information to those who need the information to perform their job duties.

We are finding that many businesses are not yet aware of the new law, so we are trying to help spread the word and make sure you have time to get in compliance. Let us know if you need any help.

We will be holding a conference call in the next few weeks to go over the new requirements and answer your questions. Let us know if you'd like to join the call by sending an email to Kathy at knoran@ekaru.com

Was this newsletter helpful to you? If so, forward it to a friend or colleague! Do you have suggestions for future newsletter topics or a particular question you'd like to see answered? Send us an email!. We want to write about what's important to you! Click here to read past issues.

Sincerely,
Team Ekaru

Introductory Technology Assessment Over 400 local small businesses have chosen Ekaru to manage their computers and networks. We offer a free, no-obligation initial consultation to get started. We'll visit your office, review your network, and make recommendations. Call us at 978-692-4200 or email us to schedule a no-obligation assessment. If you know someone who could benefit from this offer, simply forward this email to them. Thank You!

           
  ©2009 Ekaru, LLC. All Rights Reserved.