US-CERT Current Activity – Conficker Worm Targets Microsoft Windows Systems
Original release date: March 29, 2009 at 8:18 pm
Last revised: March 29, 2009 at 8:18 pm
US-CERT is aware of public reports indicating a widespread infection
of the Conficker worm, which can infect a Microsoft Windows system
from a thumb drive, a network share, or directly across the network if
the host is not patched with MS08-067.
The presence of a Conficker infection may be detected if a user is
unable to navigate to the following websites:
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=u
s_ghp+link_conficker_worm
http://www.mcafee.com
If a user is unable to reach either of these websites, the Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the infected
system should be removed from the network. Major anti-virus vendors
and Microsoft have released several free tools that can verify the
presence of a Conficker infection and remove the worm. Instructions
for manually removing a Conficker infection from a system have been
published by Microsoft in Knowledgebase Article 962007.
US-CERT encourages users to prevent a Conficker infection by ensuring
all systems have the MS08-067 patch (part of Security Update KB958644,
which was published by Microsoft in October 2008), disabling AutoRun
functionality (see US-CERT Technical Cyber Security Alert TA09-020A),
and maintaining up-to-date antivirus software.
US-CERT will provide additional information as it becomes available.
Relevant Url(s):
<http://support.microsoft.com/kb/958644>
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>
<http://support.microsoft.com/kb/962007>
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm>
====
This entry is available at
http://www.us-cert.gov/current/index.html#conficker_worm_information
