Conficker worm is back!!!

February 6, 2009 Computer Safety Tip

The last we heard about Conficker was over a month ago, but the worm has reappeared with a vengeance over the past seven days. According to Finnish security company F-Secure, more than one million PCs have been infected with the worm (also known as Kido or Downadup) in the past 24 hours.

The older version of Conficker (Conficker A) isn’t the main problem; the new one, dubbed Conficker B, is. The diagram below demonstrates how the worm functions.
Once run or given access to an unprotected machine, Conficker.B begins searching for other systems or shares within the local network that it can infect. Shared systems, removable drives, and unpatched systems are all eligible targets, as are machines with weak passwords. If Conficker.B manages to guess a password, it moves in and continues hunting for new targets.
The Malicious Software Removal Tool (MSRT) has checked for and removed Conficker.B since December 29, 2008, but it’s not possible to access any Microsoft website once Conficker.B has infected a system; the worm blocks access to multiple domains based on string identification. If you’ve got a system that’s infected, you’ll need to download the latest MSRT from Microsoft on a clean system and run it manually.
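
One way to check a machine for the blocking symptom described above, as an added example that is not part of the original post: it assumes the blocking shows up as failed name resolution, and the probe hostnames and function names are illustrative choices.

```python
import socket

# Assumed probe lists (not from the original post): Microsoft hostnames that
# a string-based block would hit, and unrelated hostnames used as controls.
SECURITY_HOSTS = ["www.microsoft.com", "update.microsoft.com", "windowsupdate.microsoft.com"]
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org", "www.ietf.org"]


def system_resolver(host):
    """Return True if the operating system can resolve the hostname."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def check_selective_blocking(resolve=system_resolver,
                             security_hosts=SECURITY_HOSTS,
                             control_hosts=CONTROL_HOSTS):
    """Compare resolution of security-related names against control names.

    A machine that resolves the controls but none of the security names
    shows the pattern the post describes. A machine that resolves nothing
    is simply offline, so that case is reported as inconclusive.
    """
    security_failed = [h for h in security_hosts if not resolve(h)]
    control_resolved = [h for h in control_hosts if resolve(h)]
    if not control_resolved:
        verdict = "inconclusive"   # no working DNS at all
    elif len(security_failed) == len(security_hosts):
        verdict = "suspicious"     # only the security names are unreachable
    elif security_failed:
        verdict = "partial"        # some failures; could be an ordinary outage
    else:
        verdict = "clean"
    return {"verdict": verdict,
            "security_failed": security_failed,
            "control_resolved": control_resolved}


if __name__ == "__main__":
    result = check_selective_blocking()
    print(result["verdict"])
    for host in result["security_failed"]:
        print("could not resolve:", host)
```

A "suspicious" result is only a symptom: confirm it by running the MSRT obtained from a clean system, as described above.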

Not all AV scanners currently detect Conficker.B, even if they've been updated to detect Conficker.A. All of Microsoft's antimalware/antivirus products (Forefront, OneCare and the Online Safety Scanner) will find Conficker.B.
It is recommended that you install MS08-067. This will not remove an existing infection, but it will guard against attack from either version of the worm, provided you aren't using weak passwords.
Based on the characteristics of a worm such as this, even mandatory updates would only be one facet of prevention.
