The Conficker or Downadup worm (virus) has received a lot of media
coverage recently. The National Cyber Alert System issued US-CERT
Technical Cyber Security Alert TA09-088A, saying:
US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.
Only Windows computers are at risk, and they're fine if Windows updates have been applied since November. At UVM, only two infections have been reported, and UVM's standard virus protection software, ESET NOD32, has also been able to detect Conficker for a long time. ESET NOD32 is available to UVM students, faculty, and staff at no extra charge in the UVM software download library.
There are reports of malicious software masquerading as Conficker detection or removal tools. Any software from unknown or untrusted sources should be avoided.
The US-CERT Technical Cyber Security Alert goes on to explain:
The presence of a Conficker infection may be detected if a user is unable to surf to the following websites:
* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com
If a user is unable to reach either of these websites, a Conficker infection may be indicated (the most current variant of Conficker interferes with queries for these sites, preventing a user from visiting them). If a Conficker infection is suspected, the infected system should be removed from the network. Major anti-virus vendors and Microsoft have released several free tools that can verify the presence of a Conficker infection and remove the worm. Instructions for manually removing a Conficker infection from a system have been published by Microsoft in http://support.microsoft.com/kb/962007.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system.
III. Solution
US-CERT encourages users to prevent a Conficker infection by ensuring all systems have the MS08-067 patch (part of Security Update KB958644, which was published by Microsoft in October 2008), disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining up-to-date anti-virus software.
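The website check described in the alert can be scripted so that a general network outage is not mistaken for an infection. The following is an added example, not part of the US-CERT alert or UVM's tooling; the control hostnames and the verdict labels are assumptions chosen for illustration, and a "suspect" result is only an indicator, as the alert itself says.

```python
import socket

# Hostnames taken from the two URLs listed in the alert.
SECURITY_HOSTS = ("www.symantec.com", "www.mcafee.com")
# Assumption: unrelated hostnames used only to confirm that name
# resolution works at all on this machine.
CONTROL_HOSTS = ("example.com", "example.org")


def system_resolves(host):
    """Return True if the operating system's resolver finds an address."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:
        return False


def assess(resolves=system_resolves,
           security_hosts=SECURITY_HOSTS,
           control_hosts=CONTROL_HOSTS):
    """Compare lookups for security-vendor sites against control sites.

    Verdicts (labels are this example's own):
      inconclusive - no control host resolves, so the network or DNS is
                     down and the check says nothing about Conficker
      suspect      - control hosts resolve but at least one security
                     site does not, matching the alert's description
      no-indicator - every security site resolves
    """
    security = {h: resolves(h) for h in security_hosts}
    control = {h: resolves(h) for h in control_hosts}
    if not any(control.values()):
        verdict = "inconclusive"
    elif not all(security.values()):
        verdict = "suspect"
    else:
        verdict = "no-indicator"
    blocked = [h for h, ok in security.items() if not ok]
    return {"verdict": verdict, "blocked": blocked, "control": control}


if __name__ == "__main__":
    result = assess()
    print("verdict:", result["verdict"])
    for host in result["blocked"]:
        print("could not resolve:", host)
```

A machine that reports "suspect" should be taken off the network and checked with one of the vendor removal tools the alert mentions before any other conclusion is drawn.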
Microsoft has a nice diagram of how the worm works, and how to protect against it, online at:
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
For news of Conficker's impact on April 1 and later, the following sources may be helpful:
* Feeling Conflicted about Conficker?
* ComputerWorld Conficker Blog
* DShield's third-party information on Conficker
If you have questions or concerns about Conficker or other risks to your computer, please contact the ETS Computing Help Line at 656-2604 or online.