US-CERT is aware of public reports indicating a widespread infection of the Conficker/Downadup worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a corporate network, if the network servers are not patched with the MS08-067 [1] patch from Microsoft.
A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system.
Home users can apply a simple test for the presence of a Conficker/Downadup infection on their home computers. An infection may be present if a user is unable to reach their security solution's website, or is unable to connect to the following websites to download the free detection/removal tools they offer:
If a user is unable to reach any of these websites, it may indicate a Conficker/Downadup infection. The most recent variant of Conficker/Downadup interferes with queries for these sites, preventing a user from visiting them. If a Conficker/Downadup infection is suspected, the system or computer should be removed from the network or, in the case of home users, unplugged from the Internet.
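The reachability test described above can be scripted. The following is an added example, not part of the US-CERT advisory: it checks whether the security vendor hostnames linked on this page resolve, and uses a control hostname (`example.com`, an assumption) to tell selective blocking apart from a general loss of connectivity. The function names are hypothetical.

```python
import socket

# Hostnames taken from the vendor links on this page.
SECURITY_HOSTS = ["www.symantec.com", "www.microsoft.com",
                  "support.microsoft.com", "www.mcafee.com"]
# Assumption: an unrelated hostname used as a control for general DNS health.
CONTROL_HOST = "example.com"


def system_resolver(hostname):
    """Return True if the operating system resolver can resolve hostname."""
    try:
        socket.getaddrinfo(hostname, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def assess(resolves=system_resolver, hosts=SECURITY_HOSTS, control=CONTROL_HOST):
    """Classify this machine from which names resolve.

    Returns (verdict, blocked_hosts) where verdict is one of:
      "no-connectivity": the control fails too, so nothing can be concluded
      "suspect":         the control resolves but some security sites do not
      "ok":              every security site resolves
    """
    if not resolves(control):
        return "no-connectivity", []
    blocked = [h for h in hosts if not resolves(h)]
    return ("suspect" if blocked else "ok"), blocked


if __name__ == "__main__":
    verdict, blocked = assess()
    print("verdict:", verdict)
    for host in blocked:
        print("  could not resolve:", host)
    if verdict == "suspect":
        print("Disconnect this system from the network before cleaning it.")
```

A verdict of "ok" does not rule out infection, and "suspect" can also result from an ordinary site outage; confirm with one of the vendor detection tools.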
Instructions, support and more information on how to manually remove a Conficker/Downadup infection from a system have been published by major security vendors. Please see below for a few of those sites. Each of these vendors offers free tools that can verify the presence of a Conficker/Downadup infection and remove the worm:
Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99 [5]
Microsoft:
http://support.microsoft.com/kb/962007 [6]
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx [3]
For assistance, call the Microsoft PC Safety hotline at 1-866-PCSAFETY.
US-CERT encourages users to prevent a Conficker/Downadup infection by ensuring all systems have the MS08-067 patch (see http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx [1]), disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html [7]), and maintaining up-to-date anti-virus software.
Produced 2009 by US-CERT, a government organization. Terms of use [11]
Links:
[1] http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
[2] http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
[3] http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
[4] http://www.mcafee.com/
[5] http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
[6] http://support.microsoft.com/kb/962007
[7] http://www.us-cert.gov/cas/techalerts/TA09-020A.html
[8] http://support.microsoft.com/kb/958644
[9] http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm
[10] http://us.mcafee.com/root/campaign.asp?cid=54857
[11] http://www.us-cert.gov/legal.html