Widespread Infection of Win32/Conficker/Downadup Worm
US-CERT refers to the worm as Win32/Conficker/Downadup. It exploits a previously patched vulnerability addressed in Microsoft Security Bulletin MS08-067, and it attempts to propagate via multiple methods, including removable media.
US-CERT strongly encourages users to review Microsoft Security Bulletin MS08-067 and update unpatched systems as soon as possible.
Additionally, US-CERT recommends that users take the following preventative measures to help mitigate the security risks:
- Install antivirus software, and keep the virus signatures up to date.
- Review the Microsoft Malware Protection Center blog entry for details regarding the worm.
- Review the Using Caution with USB Drives Cyber Security Tip for more information on protecting removable media.
Experts say a single infected laptop could expose an entire network to the worm.
The Downadup or Conficker worm exploits a bug in Microsoft Windows to infect mainly corporate networks, where it potentially exposes infected PCs to hijacking.
It is a complicated worm, most likely engineered by a group of people who have spent time making it very difficult to analyze and remove.
The worm does not spread over email or the Web. However, if an infected laptop is connected to your corporate network, it will immediately scan the network looking for machines to infect. These will be machines that have not installed a patch from Microsoft known as MS08-067.
The best defense is to get the patch and install it company-wide. The second is password security: use long, difficult passwords, particularly for administrators, who cannot afford to be locked out of the machines they will have to fix.
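The scanning behaviour described above, where one infected machine probes many internal hosts, can be spotted in connection logs. The following is an added example, not part of the original advisory: it flags any source that contacts many distinct hosts over SMB within a short window. The log format, the 60-second window and the threshold of 5 are assumptions, as is the use of TCP 445, which the page does not name (MS08-067 affects the Windows Server service, which is reached over SMB).

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                    # assumption: SMB port used to reach the Server service
WINDOW = timedelta(seconds=60)    # assumed sliding window
THRESHOLD = 5                     # assumed: distinct peers in one window before alerting

# Constructed sample flow records: "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2009-01-15T09:00:00 10.0.0.20 10.0.0.5 445
2009-01-15T09:00:01 10.0.0.57 10.0.0.10 445
2009-01-15T09:00:02 10.0.0.57 10.0.0.11 445
2009-01-15T09:00:03 10.0.0.57 10.0.0.12 445
2009-01-15T09:00:04 10.0.0.57 10.0.0.13 445
2009-01-15T09:00:05 10.0.0.57 10.0.0.14 445
2009-01-15T09:00:06 10.0.0.57 10.0.0.15 445
2009-01-15T09:05:00 10.0.0.20 10.0.0.5 445
2009-01-15T09:05:30 10.0.0.30 10.0.0.5 445
2009-01-15T09:20:00 10.0.0.30 10.0.0.6 445
garbage line
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        try:
            ts, src, dst, port = parts
            yield datetime.fromisoformat(ts), src, dst, int(port)
        except ValueError:
            continue  # wrong field count, bad timestamp or bad port

def find_smb_scanners(flows, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct SMB peers in any window} for sources at or over threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    print(find_smb_scanners(parse_flows(SAMPLE_FLOWS)))
```

A file-server client that repeatedly talks to one host stays below the threshold, so the threshold and window should be tuned against normal traffic before alerting on the result.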