April FOOLS Conficker virus
Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system.
The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta. (from Wikipedia) There are four variants of this worm, and today it is expected to receive some new instructions from its creator(s).
On April 1st the Conficker worm will simply start taking more steps to protect itself. Beginning on April 1st the worm will use a communications system that is more difficult for security researchers to interrupt.
Conficker has already managed to infect a large number of computers. Specifics are hard to come by, but some researchers estimate that millions of computers have been infected with this threat since January.
What does the Conficker worm do?
The Conficker worm has created secure infrastructure for cybercrime. The worm allows its creators to remotely install software on infected machines. What will that software do? We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.
The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.
How does the worm infect a computer?
The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.
Who is at risk?
Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up-to-date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are most at risk, since pirated systems usually cannot get Microsoft updates and patches.
What to do if you are infected
If you are reading this page, your computer is probably not infected with Conficker as the worm blocks access to most security web sites.
If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool from. The tool is available here.
Here are some symptoms your computer may exhibit if infected:
- Account lockout policies being reset automatically.
- Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services disabled.
- Domain controllers responding slowly to client requests.
- Congestion on local area networks.
- Web sites related to antivirus software becoming inaccessible.
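Two of the symptoms above (disabled Windows services and unreachable antivirus sites) can be checked from a PowerShell prompt. The script below is an added example, not part of the original post; the service short names and the host list are assumptions to adjust for the machine being checked, and the function names are made up for this illustration.

```powershell
# Added triage example (not from the original page). Read-only: it changes nothing.

# Short names of the services named in the symptom list (assumed mapping).
# ERSvc is Error Reporting on XP/2003; WerSvc is its name on Vista and later.
# WinDefend can be legitimately disabled when another antivirus is installed.
$services = 'wuauserv', 'BITS', 'WinDefend', 'ERSvc', 'WerSvc'

function Get-DisabledService {
    param([string[]]$Names)
    foreach ($n in $Names) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$n'" -ErrorAction SilentlyContinue
        if ($null -eq $svc) { continue }   # service not present on this Windows version
        if ($svc.StartMode -eq 'Disabled') {
            [pscustomobject]@{ Service = $n; StartMode = $svc.StartMode; State = $svc.State }
        }
    }
}

function Test-HostResolves {
    param([string]$HostName)
    try { [void][System.Net.Dns]::GetHostAddresses($HostName); return $true }
    catch { return $false }
}

# The control host is a non-security site; the security hosts are sample values.
# Replace them with sites you know resolve from a clean machine on the same network.
$controlHost   = 'en.wikipedia.org'
$securityHosts = 'free.avg.com', 'www.microsoft.com'

$disabled  = @(Get-DisabledService -Names $services)
$blocked   = @($securityHosts | Where-Object { -not (Test-HostResolves $_) })
$controlOk = Test-HostResolves $controlHost

if ($disabled.Count) {
    Write-Warning "Services set to Disabled (check whether you disabled them yourself):"
    $disabled | Format-Table -AutoSize
}
if (-not $controlOk) {
    Write-Host "Control host did not resolve; name lookups are failing in general, so the site test is inconclusive."
} elseif ($blocked.Count) {
    Write-Warning ("Security sites that fail to resolve while other sites work: " + ($blocked -join ', '))
}
if (-not $disabled.Count -and $controlOk -and -not $blocked.Count) {
    Write-Host "None of the checked symptoms were found."
}
```

A clean result only means these two symptoms are absent; it does not prove the machine is uninfected, so still run the removal tool if you have other reasons for concern.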
Advice to Stay Safe from the Downadup Worm:
- Update your antivirus and antimalware tools. If you don't have anything like that I recommend AVG free. http://free.avg.com
- Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.
- Don’t use “free” security scans that pop up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run. There is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.
- Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices. http://en.wikipedia.org/wiki/AutoRun
- Be smart with your passwords. This includes:
  - Changing your passwords periodically
  - Using complex passwords – no simple names or words; use special characters and numbers
  - Using a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards. I recommend a free tool called KeePass, found here: http://keepass.info
If you follow the above advice and aren't already infected, chances are pretty good that you have nothing to worry about. Please feel free to contact me with any other concerns or help.

