Conficker Worm Due For Evolution
Adam Internet would like to warn all of its customers about a known computer worm that targets the Microsoft Windows operating system, due for its next evolution on the 1st of April, 2009.
The Conficker worm exploits a previously patched vulnerability in the Windows Server service used by the following operating systems:
- Windows 2000
- Windows XP
- Windows Vista
- Windows Server 2003
- Windows Server 2008
- Windows 7 Beta and
- Windows Server 2008 R2 Beta
Three main variants of this worm are known and have been dubbed Conficker A, B and C.
The worm has several mechanisms for pushing and pulling itself over a network. Upon infection, the worm saves a copy of itself to a random filename in the Windows system folder, then arranges to load itself at boot time as a system service with a randomly-generated name.
Conficker then resets System Restore points and disables a number of system services, such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.
Symptoms of Conficker include, but are not necessarily limited to:
- Account lockout policies being reset automatically
- Certain Microsoft Windows services being disabled
- Domain Controllers responding slowly
- System network becoming unusually congested
- Websites related to antivirus software becoming inaccessible
Antivirus experts say that Conficker is the worst infection since 2003 and estimate that the number of infected computers ranges from 9 million up to 15 million PCs.
Microsoft released a patch to fix the vulnerability in October of 2008. Removal tools are available from several vendors, including Microsoft, Symantec, McAfee and AVG.
The Microsoft Windows Malicious Software Removal Tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft releases an updated version of this tool on the second Tuesday of each month.
Since the worm can spread using USB drives that trigger AutoRun, disabling the AutoRun feature for external media is recommended. However, this is not fully effective at stopping the Conficker worm from spreading.
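The check below is an added example, not part of this advisory or of any Microsoft tool: it reports whether the services named above are set to Disabled and whether AutoRun is turned off by machine-wide policy. It assumes PowerShell 3.0 or later; the service short names and the registry policy key are the standard Windows ones and do not appear in the original text.

```powershell
# Added example: triage for two items from the advisory (PowerShell 3.0+ assumed).
# A disabled service is a symptom to investigate, not proof of infection.

# Short names (assumed, standard Windows names) for the services named above
$watched = [ordered]@{
    wuauserv  = 'Windows Automatic Update'
    wscsvc    = 'Windows Security Center'
    WinDefend = 'Windows Defender'
    WerSvc    = 'Windows Error Reporting (Vista and later)'
    ERSvc     = 'Error Reporting (XP / Server 2003)'
}

$report = foreach ($name in $watched.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if (-not $svc) { continue }   # service does not exist on this Windows version
    [pscustomobject]@{
        Service   = $watched[$name]
        StartMode = $svc.StartMode
        State     = $svc.State
        Flag      = if ($svc.StartMode -eq 'Disabled') { 'CHECK' } else { '' }
    }
}
$report | Format-Table -AutoSize

# AutoRun policy: 0xFF in NoDriveTypeAutoRun turns AutoRun off for every drive type
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
if ($null -eq $policy) {
    'AutoRun: no machine-wide policy set (Windows defaults apply)'
} elseif (($policy.NoDriveTypeAutoRun -band 0xFF) -eq 0xFF) {
    'AutoRun: disabled for all drive types'
} else {
    'AutoRun: policy 0x{0:X2} leaves some drive types enabled' -f $policy.NoDriveTypeAutoRun
}
```

Any row flagged CHECK is a reason to run one of the removal tools mentioned above.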
Microsoft has released a removal guide for the worm via the Microsoft Website.
For more details on the Conficker worm, please see the Microsoft TechNet Blog.