Malware News

Mozilla Firefox is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. The issue affects Firefox 3.5; other versions may also be vulnerable. NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2.

Conficker Worm


W32/Conficker.worm.gen.d is a worm that exploits the MS08-067 vulnerability in the Microsoft Windows Server service, which may allow remote code execution. The flaw lies in the improper handling of specially crafted (malicious) RPC requests and was patched on October 23, 2008.

Worried about Conficker? A few simple steps can protect you.

Target: All users of Windows XP and Windows Vista.

If you reached this web site, your computer is not infected. If you are running an up-to-date version of a Norton security solution – you are not infected.

The Conficker worm is no longer spreading quickly. On April 1st the worm took steps to protect itself. Since then we have seen signs that the worm may be spreading new malicious code between already infected machines.

If you have a computer that cannot access symantec.com, microsoft.com or the web sites of other security vendors, your computer may be infected. If that is the case, follow the steps below (see “What to do if you are infected”).

The Conficker worm, sometimes called Downadup or Kido, has managed to infect a large number of computers. Specifics are hard to come by, but some researchers estimate that millions of computers have been infected with this threat since January. Current users of Symantec’s Norton security products are protected. Users who lack protection are invited to download a trial version of Norton AntiVirus 2009, Norton Internet Security 2009 or Norton 360 Version 3.0. If you are unable to reach our web site, you may be infected. In that case you will need to get to a computer that is not infected, download our specialized Conficker removal tool and run it on the infected machine before installing new antivirus software. Symantec has a detailed technical analysis of the threat here.

CBS correspondent Lesley Stahl met with Steve Trilling, Symantec’s VP of Security Technology and Response, to talk about the impact of Conficker worm. Watch the video here.



What does the Conficker worm do?

The Conficker worm has created secure infrastructure for cybercrime. The worm allows its creators to remotely install software on infected machines. What will that software do? We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites.

The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it turns off the automatic backup service, deletes previous restore points, disables many security services, blocks access to a number of security web sites and opens infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.

How does the worm infect a computer?

The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

Who is at risk?

Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up-to-date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are most at risk, since pirated systems usually cannot get Microsoft updates and patches.

What to do if you are infected

If you are reading this page, your computer is probably not infected with Conficker as the worm blocks access to most security web sites.

If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool. The tool is available here:

http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99

Or, you can restore access to security web sites on an infected machine by taking the following steps:

  1. Click Start > Run.
  2. In the Run box, type the following: cmd
  3. Click OK.
  4. Type the following and then press Enter: cd..
  5. Repeat the previous step until you get to the root level, or C:\>. Note that if your root drive is not C, the letter will be different.
  6. At C:\> type the following: net stop dnscache
  7. Press Enter. This disables the domain blocking feature of Conficker and you should now be able to reach security Web sites including ours. You should now be able to download the Conficker removal tool here.
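The symptom this page describes (security vendor sites unreachable while other sites still work) can be checked before and after running net stop dnscache. The script below is an added example, not part of the original advisory; the control domains and the verdict names are assumptions chosen for illustration.

```python
import socket

# Domains the page names as unreachable on an infected machine.
SECURITY_DOMAINS = ["symantec.com", "microsoft.com"]
# Assumption: neutral control names that the worm has no reason to block.
CONTROL_DOMAINS = ["example.com", "example.org"]


def system_resolver(name):
    """Return True if the operating system's resolver can resolve `name`."""
    try:
        socket.getaddrinfo(name, 80)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def triage(resolver=system_resolver, security=SECURITY_DOMAINS,
           control=CONTROL_DOMAINS):
    """Compare resolution of security-vendor names against control names.

    Verdicts (names are this example's own):
      inconclusive - nothing resolves, so the machine is offline or DNS is down
      suspicious   - control names resolve but every security name fails
      partial      - control names resolve and only some security names fail
      no-symptom   - every security name resolves
    """
    control_ok = any(resolver(d) for d in control)
    blocked = sorted(d for d in security if not resolver(d))

    if not control_ok:
        verdict = "inconclusive"
    elif len(blocked) == len(security):
        verdict = "suspicious"
    elif blocked:
        verdict = "partial"
    else:
        verdict = "no-symptom"
    return {"verdict": verdict, "blocked": blocked}


if __name__ == "__main__":
    result = triage()
    print("verdict:", result["verdict"])
    for domain in result["blocked"]:
        print("could not resolve:", domain)
```

A "no-symptom" result only means this one symptom is absent; as the FAQ below says, running an antivirus product remains the way to know whether a machine is infected.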

 

Advice to Stay Safe from the Downadup Worm:

  1. Run a good security suite (we are partial to Norton Internet Security 2009 and Norton 360 Version 3.0).
  2. Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.
  3. Don’t use “free” security scans that pop up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run. There is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.
  4. Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices.
  5. Be smart with your passwords. This includes:
     1. Changing your passwords periodically.
     2. Using complex passwords – no simple names or words; use special characters and numbers.
     3. Using a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.
  6. Use a password management system such as Identity Safe (included in Norton Internet Security 2009 and Norton 360 Version 3.0) to track your passwords and to fill out forms automatically.
  7. Run Norton Internet Security 2009, Norton AntiVirus 2009 or Norton 360 Version 3.0. You can also try Norton Security Scan.



FAQ

Q: What should I do if my PC is infected?

A: If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool. The tool is available here.

Q: Am I safe if I don’t go to questionable web sites?

A: No. The Conficker worm seeks out computers on the same network. You can be in a coffee shop, an airport or in the office and the worm will quietly try to attach to your computer and run itself.

Q: How do I know if I am infected?

A: The best way to know if you are infected is to run a good antivirus product. One symptom that may indicate you are infected is finding that your computer is blocked from accessing the web sites of most security companies.

Q: Can’t I just run free antivirus software?

A: Yes, but free products often aren’t thorough or comprehensive. Worse, the internet is overflowing with fake free security scanners that actually infect your computer. Fake scanners such as “Antivirus 2008” are difficult to identify and have plagued hundreds of thousands of users around the world.

Norton Recommends

Run Norton Internet Security 2009, Norton AntiVirus 2009 or Norton 360 Version 3.0. All of these products will detect and remove the Downadup worm.

Common Threats

iTunes Hacking

Microsoft launches online security patch

Microsoft has released an emergency online security patch following the discovery of a potential glitch in its technology. The software giant announced that the online security update will automatically be installed for Internet Explorer customers. Microsoft released the patch after a vulnerability in the company's Active Template Library was discovered. The software is used to build ActiveX controls and other web application components.

Web users should be cautious of fake anti-virus programs

A new report has highlighted that malware posing as anti-virus software is spreading across tens of millions of computers each month. According to research by PandaLabs, over 1,000 examples of fake anti-virus software were found in the first quarter of 2008 alone. The program works by issuing false warnings of infections, persuading web users to buy software they do not need, and can also download Trojans or malware.

Spammers translating messages cause global security issues

Spam email is becoming a growing threat in non-English speaking nations, according to a new study. Research by MessageLabs highlights that spammers are now using free online translation sites to write messages in a variety of languages and target a greater number of people across the globe. As a result, some nations which previously enjoyed a high level of internet security are now falling victim to rising levels of spam.

Malware 'the greatest threat'

The greatest threat to computer networks is malware, meaning people should be wary of introducing unnecessary software to their machines, an expert has stated. Writing for his risk management blog hosted by online publication ComputerWeekly.com, Stuart King warned that some people are reporting that their new digital picture frames and gadgets such as MP3 players are infected with viruses.

Sun Java Runtime Environment Vulnerabilities

Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities. Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

* Geeks Houston ®, Geeks Mobile, and geeksquadonline.com have no affiliation to Geek Squad or Best Buy
