Good Evening,

CCIP issued an alert on 8/01/2009 about the Conficker worm which attempts to exploit a previously patched stack buffer overflow vulnerability in Microsoft Windows Server Service (MS08-067).   CCIP is issuing this update notice to warn organisations of this activity and to prevent further compromises from occurring.

The latest variants of the Conficker worm include updates to its ability to communicate to itself and these changes are scheduled to activate on 1 April 2009, it is unknown what will happen on 1 April 2009.

CCIP has been working with organisations nationally and with the international Conficker Working Group on this situation and would appreciate being informed of any outbreaks of Conficker or incidents relating to Conficker via incidents@ccip.govt.nz as this will assist in CCIP’s ability to determine the impact of Conficker on New Zealand's networks and to coordinate any responses or flows of information.

Further information about Conficker, including how to detect and remove it can be found on the Conficker Working Group website:
http://www.confickerworkinggroup.org/wiki/pmwiki.php?n=ANY.GeneralAssistance

Further infromation about MS08-067 can be found on Microsofts website: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Regards,
Paul.

--
Paul McKitrick
Head of Stakeholder Engagement
Centre for Critical Infrastructure Protection
D: (+64) 4 498 7645
P: (+64) 4 498 7654
F: (+64) 4 498 7655
E: paul.mckitrick@ccip.govt.nz
W: www.ccip.govt.nz

---
This e-mail contains official New Zealand Government information, which is intended for the use of addressees only.  If you have received this e-mail in error, please notify the sender immediately and delete. You should not further disseminate, distribute or copy this e-mail in any way.
---