To: Arthalion
Using a combination of intelligent routers, carefully located segmenting firewalls, VLANs, and a new forced update system to keep everyone patched up, we're crossing our fingers that this one won't hit us in any significant way.
Block inbound traffic on TCP port 445.
29 posted on 05/03/2004 9:29:03 AM PDT by general_re (Drive offensively - the life you save may be your own.)
To: general_re
Block inbound traffic on TCP port 445.
We are doing so from the Internet, but we have more than a thousand outside PCs that connect via RAS or VPN, and they tend to be the weak link in our security. We've blocked 445 at our inbound RAS and VPN concentrators, but it only takes one person inadvertently moving an infected payload on an alternate port, or one variant to switch the port before we can react, and we're infected (updating the concentrator to block certain ports temporarily boots all of the connections while the rules are being updated... booting 1000+ users off the network isn't something that can be done quickly or lightly).
So far, everything looks clean. Our operations guys are actively scanning our network and haven't yet spotted any signs of the virus. Our firewall logs, however, have been showing a pretty dramatic increase in the number of blocked 455 connection attempts since 5AM this morning.
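An added example, not part of the original posts: one way to turn the firewall-log observation above into a check, counting blocked TCP 445 attempts per hour and listing any sources inside the remote-access address pool. The log line format, the `10.8.0.0/16` VPN/RAS pool, the spike factor and the `analyze` function are assumptions made for illustration, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in an assumed, simplified deny-log format.
SAMPLE_LOG = """\
2004-05-03T03:12:44 DENY TCP 198.51.100.7:3321 -> 192.0.2.10:445
2004-05-03T04:40:02 DENY TCP 203.0.113.9:1042 -> 192.0.2.10:445
2004-05-03T04:41:10 DENY TCP 203.0.113.9:1043 -> 192.0.2.10:80
2004-05-03T05:01:15 DENY TCP 198.51.100.23:2210 -> 192.0.2.10:445
2004-05-03T05:01:19 DENY TCP 198.51.100.88:4431 -> 192.0.2.11:445
2004-05-03T05:30:51 DENY TCP 203.0.113.40:1189 -> 192.0.2.10:445
2004-05-03T06:02:03 DENY TCP 10.8.4.21:1501 -> 10.1.0.5:445
2004-05-03T06:02:04 DENY TCP 10.8.4.21:1502 -> 10.1.0.6:445
2004-05-03T06:17:30 DENY TCP 203.0.113.77:3020 -> 192.0.2.10:445
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
VPN_POOL = ipaddress.ip_network("10.8.0.0/16")  # assumed remote-access pool


def analyze(log_text, port=445, vpn_pool=VPN_POOL, spike_factor=3):
    """Count blocked attempts to `port` per hour and per VPN-pool source."""
    per_hour, vpn_sources = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue  # unparsable line or a different destination port
        hour = datetime.fromisoformat(m["ts"]).strftime("%Y-%m-%d %H:00")
        per_hour[hour] += 1
        if ipaddress.ip_address(m["src"]) in vpn_pool:
            vpn_sources[m["src"]] += 1  # a remote client is probing the port
    spikes, quiet = [], []
    for hour in sorted(per_hour):
        # Baseline is the mean of earlier non-spike hours, so a long-running
        # surge does not raise its own threshold.
        if quiet and per_hour[hour] >= spike_factor * sum(quiet) / len(quiet):
            spikes.append(hour)
        else:
            quiet.append(per_hour[hour])
    return {"per_hour": dict(per_hour), "spike_hours": spikes,
            "vpn_sources": dict(vpn_sources)}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Hours with no blocked attempts do not appear in the counts, so the baseline here is computed only from hours that logged at least one hit.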