US-CERT is reporting that they’re aware of widespread infection of the Conficker Worm.
The worm infects computers running Microsoft Windows via a thumb drive, a network share, or directly across the network if the host is not patched with update MS08-067.
The presence of a Conficker infection may be detected if a user is unable to navigate to the following websites:
If a user is unable to reach either of these websites, the Conficker infection may be indicated (the most current variant of Conficker interferes with queries for these sites, preventing a user from visiting them). If a Conficker infection is suspected, the infected system should be removed from the network. Major anti-virus vendors and Microsoft have released several free tools that can verify the presence of a Conficker infection and remove the worm. Instructions for manually removing a Conficker infection from a system have been published by Microsoft in Knowledgebase Article 962007.
US-CERT encourages users to prevent a Conficker infection by ensuring all systems have the MS08-067 patch (part of Security Update KB958644, which was published by Microsoft in October 2008), disabling AutoRun functionality (see US-CERT Technical Cyber Security Alert TA09-020A), and maintaining up-to-date antivirus software.
US-CERT will provide additional information as it becomes available.
Filed Under: Tech News