US-CERT saw no evidence of nefarious behavior associated with Conficker on April 1, 2009. It is important to understand that it is still unclear what Conficker is intended for and capable of doing. Systems with infections must be cleaned now. An infected system could enable an attacker to remotely take control of that system and install additional malicious software. Even though April 1, 2009 has passed, the exact time and intended purpose of the Conficker/Downadup worm remain unknown. The possible malicious uses of this worm range from data theft and phishing/spam efforts to the scenario of most concern, distributed denial-of-service (DDoS) attacks. Users must remain vigilant in detecting the Conficker worm and systematically cleaning systems of these infections to prevent potential future cyber events. PLEASE READ THE CURRENT ACTIVITY UPDATE for more information about the Conficker worm.
April 7, 2009
February 24, 2009
New Variant of Conficker/Downadup Worm Circulating
US-CERT is aware of public reports concerning a new variant of the Conficker/Downadup worm, named Conficker B++. This variant propagates itself via multiple methods, including exploitation of the previously patched vulnerability addressed in MS08-067, password guessing, and the infection of removable media. Most significantly, Conficker B++ implements a new backdoor with “auto-update” functionality, allowing machines compromised by the new variant to have additional malicious code installed on them. According to Microsoft, there is no indication that systems infected with previous variants of Conficker can automatically be re-infected with the B++ variant.
US-CERT strongly encourages users to review Microsoft Security Bulletin MS08-067 and update unpatched systems as soon as possible.
Additionally, US-CERT recommends that users take the following preventative measures to help mitigate the security risks:
* Install antivirus software, and keep the virus signatures up to date.
* Review the Microsoft Malware Protection Center blog entry for details regarding the worm.
* Review the Using Caution with USB Drives Cyber Security Tip for more information on protecting removable media.