—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA09-088A
Conficker Worm Targets Microsoft Windows Systems
Original release date: March 29, 2009
Last revised: –
Source: US-CERT
Systems Affected
* Microsoft Windows
Overview
US-CERT is aware of public reports indicating a widespread
infection of the Conficker worm, which can infect a Microsoft
Windows system from a thumb drive, a network share, or directly
across a network if the host is not patched with MS08-067.
Solution
Install updates
The updates to address these vulnerabilities are available on the
Microsoft Update site. We recommend enabling Automatic Updates.
Description
The presence of a Conficker infection may be detected if a user is
unable to surf to the following websites:
* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com
If a user is unable to reach either of these websites, a Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the user
should run the Microsoft Windows Malicious Software Removal Tool
and install updates available from the Microsoft Update site.
References
* Microsoft Windows Malicious Software Removal Tool -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356>
* Microsoft Updates Website -
<http://update.microsoft.com/microsoftupdate/>
* US-CERT Technical Cyber Security Alert TA09-088A -
<http://www.us-cert.gov/cas/techalerts/TA09-088A.html>
* Virus alert about the Win32/Conficker.B worm -
<http://support.microsoft.com/kb/962007>
* The Conficker Worm -
<http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>
* W32/Conficker.worm -
<http://us.mcafee.com/root/campaign.asp?cid=54857>
* Microsoft Automatic Updates -
<http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx>
