Test for Conficker infection

 
                    National Cyber Alert System

                  Cyber Security Alert SA09-088A

Conficker Worm Targets Microsoft Windows Systems

   Original release date: March 29, 2009
   Last revised: March 30, 2009
   Source: US-CERT

Systems Affected

     * Microsoft Windows

Overview

   US-CERT is aware of public reports indicating a widespread
   infection of the Conficker/Downadup worm, which can infect a
   Microsoft Windows system from a thumb drive, a network share, or
   directly across a corporate network, if the network servers are not
   patched with the MS08-067 patch from Microsoft.

Solution

   Instructions, support and more information on how to manually
   remove a Conficker/Downadup infection from a system have been
   published by major security vendors.  Please see below for a few of
   those sites. Each of these vendors offers free tools that can
   verify the presence of a Conficker/Downadup infection and remove
   the worm:

   Symantec:
   http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

   Microsoft:
   http://support.microsoft.com/kb/962007

   http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

   For assistance, call the Microsoft PC Safety hotline at
   1-866-PCSAFETY.

   US-CERT encourages users to prevent a Conficker/Downadup infection by
   ensuring all systems have the MS08-067 patch (see
   http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx),
   disabling AutoRun functionality (see
   http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
   maintaining up-to-date anti-virus software.

Description

   Home users can apply a simple test for the presence of a
   Conficker/Downadup infection on their home computers.  An infection
   may be indicated if a user is unable to reach their security
   solution's website, or is unable to connect to the following
   websites, which offer free detection/removal tools:
  
   * http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
   * http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
   * http://www.mcafee.com
  
   If a user is unable to reach any of these websites, it may indicate
   a Conficker/Downadup infection.  The most recent variant of
   Conficker/Downadup interferes with queries for these sites,
   preventing a user from visiting them.  If a Conficker/Downadup
   infection is suspected, the system or computer should be removed
   from the network or, in the case of home users, unplugged from the
   Internet.
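
   The reachability test described above can be scripted.  The
   following is an added example, not part of the US-CERT alert.  It
   assumes the test is automated as a name-resolution check, uses the
   vendor hostnames from the list above, and adds www.example.com as
   an assumed control site so that blocked security sites can be told
   apart from a connection that is simply down.

```python
import socket

# Hostnames taken from the alert's list of vendor sites.
SECURITY_HOSTS = ["www.symantec.com", "www.microsoft.com", "www.mcafee.com"]
# Assumption: an unrelated control hostname used only to prove that general
# name resolution works; replace with any site you know is reachable.
CONTROL_HOSTS = ["www.example.com"]


def system_resolver(host):
    """Return True if the operating system's resolver can resolve host."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def conficker_reachability_test(resolve=system_resolver,
                                security_hosts=SECURITY_HOSTS,
                                control_hosts=CONTROL_HOSTS):
    """Classify the result of the alert's 'can you reach these sites' test.

    Returns (verdict, blocked), where blocked lists the security hosts
    that failed to resolve.
    """
    blocked = [h for h in security_hosts if not resolve(h)]
    control_ok = any(resolve(h) for h in control_hosts)
    if not blocked:
        verdict = "no-indication"       # every vendor site resolves
    elif not control_ok:
        verdict = "inconclusive"        # nothing resolves: connection is down
    else:
        verdict = "possible-infection"  # only security sites fail
    return verdict, blocked


if __name__ == "__main__":
    verdict, blocked = conficker_reachability_test()
    print("verdict:", verdict)
    for host in blocked:
        print("could not resolve:", host)
    if verdict == "possible-infection":
        print("Disconnect the system from the network and run a removal tool.")
```

   A "no-indication" verdict only means this one symptom is absent; it
   does not replace a scan with one of the vendor tools.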

References

 * Microsoft Windows Malicious Software Removal Tool -
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356>

 * Microsoft Updates Website -
   <http://update.microsoft.com/microsoftupdate/>

 * US-CERT Technical Cyber Security Alert TA09-088A -
   <http://www.us-cert.gov/cas/techalerts/TA09-088A.html>

 * Virus alert about the Win32/Conficker.B worm -
   <http://support.microsoft.com/kb/962007>

 * The Conficker Worm -
   <http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm>

 * W32/Conficker.worm -
   <http://us.mcafee.com/root/campaign.asp?cid=54857>

 * Microsoft Automatic Updates -
   <http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx>

 