Conficker Worm Due For Evolution

Adam Internet would like to warn all of it's customers about a known computer worm that targets the Microsoft Windows operating system, due for it's next evolution on the 1st of April, 2009.

The Conficker worm exploits a previously patched vulnerability in the Windows Server service used by the following operating systems:

Three main variants of this worm are known and have been dubbed Conficker A, B and C.

The worm has several mechanisms for pushing and pulling itself over a network. Upon infection, the worm saves a copy of itself to a random filename in the Windows sytem folder, then arranges to load itself at boot time as a system service with a randomly-generated name.

Conficker then resets System Restore points and disables a number of system services, such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.

Some symptoms of the Conficker include but are not necessarily limited to:

AntiVirus experts say that the Conficker is the worst infection since 2003 and estimate that the number of computers infected range from 9 million up to 15 million PCs.

Microsoft released a patch to fix the vulnerability in October of 2008. Removal tools are available from several vendors, including Microsoft, Symantec McAfee and AVG.

The Microsoft Windows Malicious Software Removal Tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft releases an updated version of this tool on the second Tuesday of each month.

Since the worm can spread using USB drives that trigger AutoRun, disabling the AutoRun feature for external media is recommended, however, this is not fully effective at stopping the Conficker worm spreading.

Microsoft has released a removal guide for the worm via the Microsoft Website.

For more details on the Conficker worm, please see the Microsoft TechNet Blog.