Conficker Worm Warning

Messages
8,474
Location
Australia
Am I at risk of having the Conficker worm?

Most antivirus software could detect and block the Conficker worm, so if you have updated antivirus software on your computer, you are at a much lower risk of being infected by the Conficker worm.
If you or your network administrator have not installed the latest security updates from Microsoft and your antivirus provider, and if you have file-sharing turned on, the Conficker worm could allow remote code execution. Remote code execution allows an attacker to take control of your computer and use it for malicious purposes.
Top of page
What does the Conficker worm do?

To date, security researchers have discovered two variants of the worm in the wild.
• Win32/Conficker.A was reported to Microsoft on November 21, 2008.
• Win32/Conficker.B was reported to Microsoft on December 29, 2008.
• Win32/Conficker.C was reported to Microsoft on February 20, 2009.
• Win32/Conficker.D was reported to Microsoft on March 4, 2009.
Win32/Conficker.B might spread through file sharing and via removable drives, such as USB drives (also known as thumb drives). The worm adds a file to the removable drive so that when the drive is used, the AutoPlay dialog will show one additional option.
The Conficker worm can also disable important services on your computer.
In the screenshot of the Autoplay dialog box below, the option Open folder to view files — Publisher not specified was added by the worm. The highlighted option — Open folder to view files — using Windows Explorer is the option that Windows provides and the option you should use.
If you select the first option, the worm executes and can begin to spread itself to other computers.

The option Open folder to view files — Publisher not specified was added by the worm.

Top of page
How does the Conficker worm work?

Here's an illustration of how the Conficker worm works.
diagram.jpg


Top of page
How do I remove the Conficker worm?

If your computer is infected with the Conficker worm, you may be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool or accessing certain Web sites, such as Microsoft Update. If you can't access those tools, try using the Windows Live OneCare Safety Scanner.
Top of page
Where can I find more technical information about the Conficker worm and how can I stay up to date on the Conficker worm?

•For additional information, see Centralized Information About the Conficker Worm.
•For more technical information about the Conficker worm, see the Microsoft Malware Protection Center Virus Encyclopedia
•Bookmark the Microsoft Malware Protection Center portal and the Microsoft Malware Protection Center blog for updated information.
•For symptoms and detailed information about how to remove the Conficker worm, see Help and Support: Virus alert about the Conficker Worm.
•To continue to get updated information on security, sign up for the Microsoft Security for Home Computer Users newsletter.
For more information, see How to prevent computer worms and How to remove computer worms.
I Recomend download these and running them:

For XP:

Windows XP Service Pack 3 - Security Update

Malicious Software Removal Tool


for Vista:

Windows Vista and Windows Vista Service Pack 1 - Security Update

Malicious Software Removal Tool
 
the picture is wrong.

computers with proper password policy won't make much of a difference since the password guessing part of this virus appears to brute force passwords.

I think that the only way t be sure that you don't have this is to install the update the guards against it.
 
Most of that is common sense in terms of security. All passwords should contain at least one number, one piece of punctuation and one letter of another case. All computers should be protected by a decent piece of decent anti-virus software (and not necessarily something that is commercial) and a firewall. And common sense should also apply to usage.

Scanning removable drives regularly, as well as your computer as a whole, are recommended. Similarly, always making sure that you access websites that you trust and only download things that you can be certain won't contain any malicious software. Any download boxes that pop up without you requesting them should be ignored.

The vast majority of all virus infections are down to users not following good practice, to be honest.

This worm is interesting and I'll be keeping an eye out for anything suspicious, but I'm not really too worried about it. In part, because my Windows machine is in bits whilst the motherboard away (d'oh >.<) and in part because it appears to be Windows-restricted.

Good job we applied all the latest updates to our software images at work lately, though, eh? :p
 
I'm a little worried since I have a fairly large home network (4 desktop computers and 3 laptops) and a father that opens every email attachment, pop up, and advertisement he sees.
 
I'm a little worried since I have a fairly large home network (4 desktop computers and 3 laptops) and a father that opens every email attachment, pop up, and advertisement he sees.

Teach him not to. Sounds like an ignorant response, but it's something that could save you some stress and headaches.
 
I do tell him constantly. for the most part now hes fine with avertisements and such but if someone he knows gets infected with something and it emails him he still opens what ever it is and gets the virus because he thinks why would a friend send me a virus.
I mean C'mon were talking about a guy who occasionally still looks for the "any key"

what does Conficker worm use to spread?
 
I do tell him constantly. for the most part now hes fine with avertisements and such but if someone he knows gets infected with something and it emails him he still opens what ever it is and gets the virus because he thinks why would a friend send me a virus.
I mean C'mon were talking about a guy who occasionally still looks for the "any key"

sen d him a virus and say you don't know what it is. That'll teach him lol
 
Will it turn out to be nothing more then an April Fool's Day hoax or a genuine I-Worm?

"April Fool's Conficker Threat is Likely Hype
Despite warnings of digital Armageddon come April 1, experts say you can probably breathe easy." http://abcnews.go.com/Technology/PCWorld/story?id=7192757

Someone seems to have a possible solution since this thread was started.

"Conficker Computer Worm 'Tamed'?
Security Groups Say They Have Detection Tool to Stop Conficker" http://abcnews.go.com/Technology/story?id=7218673&page=1
 
Back
Top Bottom