DHS Conficker/Downadup Computer Worm Detection Tool

Conficker has been making headlines during its attack on Windows-based PCs, attacking over 9 million PCs to date. It even prompted a $250,000 reward from Microsoft for information leading to the arrest and conviction of the worm’s creators. Once your computer is infected, several actions take place: administrator passwords are cracked, access to security websites and automatic updates are shut down, recently saved documents are erased, and possible keylogging software installed.

The Department of Homeland security released this article to address concerns. US-CERT recommends that Windows Operating Systems users apply Microsoft security patch MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx) as quickly as possible to help protect themselves from the worm.

Instructions, support and more information on how to manually remove a Conficker/Downadup infection from a system have been published by major security vendors. Each of these vendors offers free tools that can verify the presence of a Conficker/Downadup infection and remove the worm:

Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

Microsoft:
http://support.microsoft.com/kb/962007
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

Home users may also call Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.

McAfee:
http://www.mcafee.com/us/threat_center/default.asp

US-CERT encourages users to prevent a Conficker/Downadup infection by ensuring all systems have the MS08-067 patch, disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining up-to-date anti-virus software.

In addition, US-CERT recommends that computer users and administrators implement the following preparedness measures to protect themselves against this vulnerability, and also from future vulnerabilities:

• Keep up-to-date on security patches and fixes for your operating system. The easiest way to do this is to set your system to receive automatic updates, which will ensure you automatically receive security updates issued by Microsoft. If your system does not allow automatic updates, we recommend that you manually install the Microsoft security patch today through Microsoft Update at http://update.microsoft.com/microsoftupdate
• Install anti-virus and anti-spyware software and keep them up-to-date
• Enable a firewall which will help block attacks before they can get into your computer

To access the alerts for this vulnerability and for additional information on cyber security tips and practices, please visit www.us-cert.gov.