« National Cyber Alert System – Cyber Security Alert SA09-088A
National Cyber Alert System – Technical Cyber Security Alert TA09-088A »

US-CERT Current Activity – Conficker Worm Targets Microsoft Windows Systems

Friday, April 3rd, 2009 - 6:22 am - Microsoft and US-Cert Security Bulletins

Original release date: March 29, 2009 at 8:18 pm
Last revised: March 30, 2009 at 3:06 pm

US-CERT is aware of public reports indicating a widespread infection
of the Conficker/Downadup worm, which can infect a Microsoft Windows
system from a thumb drive, a network share, or directly across a
corporate network, if the network servers are not patched with the
MS08-067 patch from Microsoft.

Home users can apply a simple test for the presence of a
Conficker/Downadup infection on their home computers. The presence of
a Conficker/Downadup infection may be detected if a user is unable to
surf to their security solution website or if they are unable to
connect to the websites, by downloading detection/removal tools
available free from those sites:

http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=u
s_ghp_link_conficker_worm
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
http://www.mcafee.com

If a user is unable to reach any of these websites, it may indicate a
Conficker/Downadup infection. The most recent variant of
Conficker/Downadup interferes with queries for these sites, preventing
a user from visiting them. If a Conficker/Downadup infection is
suspected, the system or computer should be removed from the network
or unplugged from the Internet – in the case for home users.

Instructions, support and more information on how to manually remove a
Conficker/Downadup infection from a system have been published by
major security vendors. Please see below for a few of those sites.
Each of these vendors offers free tools that can verify the presence
of a Conficker/Downadup infection and remove the worm:

Symantec:

http://www.symantec.com/business/security_response/writeup.jsp?docid=2
009-011316-0247-99

Microsoft:

http://support.microsoft.com/kb/962007

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.

US-CERT encourages users to prevent a Conficker/Downadup infection by
ensuring all systems have the MS08-067 patch (see
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx),
disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining
up-to-date anti-virus software.

Relevant Url(s):
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>

<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx>

<http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99>

<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>

<http://support.microsoft.com/kb/962007>

<http://www.mcafee.com/>

<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm>

====
This entry is available at
http://www.us-cert.gov/current/index.html#conficker_worm_information


Leave a Reply

SEO Powered by Platinum SEO from Techblissonline