Conficker worm: More on how it works and how to protect against it

The worm:

* exploits the MS08-067 Windows Server service vulnerability (Services.exe)
* saves an executable autorun.inf file to any removable media attached
* saves an executable autorun.inf file to any mounted network shares
* attempts to brute-force credentials on other accessible machines

The last three methods allow the worm to spread quickly through internal
networks and to reach patched machines that lack sufficient anti-virus
coverage. Once installed, the worm attempts to block further Microsoft
updates from being installed.

Preventative measures you can take, in addition to those I mentioned in my post yesterday, include:

* File servers should either be covered by anti-virus protection, prevent the creation of autorun.inf files (see Workaround 1), or be checked periodically/automatically for the presence of such files.
* Disable autorun on workstations and servers; see KB953252 on the MS site.
* Sites that maintain their own DNS servers or web caches may want to monitor logs for the appearance of domains that appear on the F-Secure list of potential domains the worm may use. See F-Secure's pre-emptive block list.
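One way to automate the file-server check above (an added example, not code from the original post): walk each share root, find any autorun.inf regardless of case, and report the `open=` / `shellexecute=` commands it would launch. The share layout and `EXAMPLE_PAYLOAD.exe` name are constructed placeholders for the demo.

```python
"""Report autorun.inf files found on share or drive roots and what they launch."""
import os
import shutil
import tempfile

# autorun.inf keys that cause a program to run on insertion or double-click
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(path):
    """Return {key: command} for launch keys in the [autorun] section, {} if none."""
    launch = {}
    in_section = False
    try:
        # Files are usually ANSI; utf-8-sig also strips a BOM if one is present
        with open(path, "r", encoding="utf-8-sig", errors="replace") as f:
            for line in f:
                line = line.strip()
                if line.startswith("[") and line.endswith("]"):
                    in_section = line[1:-1].strip().lower() == "autorun"
                elif in_section and "=" in line:
                    key, _, value = line.partition("=")
                    if key.strip().lower() in LAUNCH_KEYS:
                        launch[key.strip().lower()] = value.strip()
    except OSError:
        return {}
    return launch


def scan_roots(roots):
    """Walk each root (share mount or drive) and collect (path, launch_keys) findings."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == "autorun.inf":  # Windows matches the name case-insensitively
                    path = os.path.join(dirpath, name)
                    findings.append((path, parse_autorun(path)))
    return findings


def demo():
    """Build a constructed share in a temp dir, scan it and return the findings."""
    share = tempfile.mkdtemp(prefix="share_")
    try:
        # Constructed sample autorun.inf (placeholder payload name, not a real file)
        with open(os.path.join(share, "AutoRun.inf"), "w") as f:
            f.write("[AutoRun]\nopen=EXAMPLE_PAYLOAD.exe\nicon=%SystemRoot%\\system32\\shell32.dll,4\n")
        os.makedirs(os.path.join(share, "docs"))
        with open(os.path.join(share, "docs", "readme.txt"), "w") as f:
            f.write("harmless\n")
        return scan_roots([share])
    finally:
        shutil.rmtree(share)


if __name__ == "__main__":
    for path, launch in demo():
        print(path, "launches:", launch or "nothing (no open/shellexecute key)")
```

Point `scan_roots` at the mounted share roots from a scheduled task and alert on any finding whose launch dict is non-empty.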

Removing the virus:

Most AV tools will clean the threat from your computer, but if another computer on your network has it you could get it again. Like I mentioned yesterday, keep your anti-virus up to date and be alert: check your AV logs for any of the signatures of the virus.

Conficker / Downadup WORM: Hits 9.5 million computers and counting

It's believed that the worm "Conficker", also known as "Downadup" or "Kido", has infected around 9.5 million computers around the world, according to F-Secure's chief research officer, Mikko Hypponen (src: BBC NEWS).

The worm's payload is believed not to have been activated yet, but if it is, the person or group responsible would have full control over your computer with Administrator rights.

Microsoft's overview description of the vulnerability:
"A security issue has been identified that could allow an unauthenticated remote attacker to compromise your Microsoft Windows-based system and gain control over it."

If you have:

Windows 2000 SP4, then go here: Microsoft Security Update for Windows 2000 (KB958644)
Windows XP SP2 or SP3, then go here: Microsoft Security Update for Windows XP (KB958644)
Windows Server 2003 in any flavour, then go here: Microsoft Security Update for Windows Server 2003 (KB958644)
Windows Vista / Vista SP1, then go here: Microsoft Security Update for Windows Vista (KB958644)
And finally, if you are using the lovely Windows 7 Beta, then go here: Microsoft Security Update for Windows 7 Pre-Beta (KB958644)

…download the patch and install it (this will require a reboot).

Also remember that you will need to make sure your Anti-virus is up to date.

Some other things you can do to protect yourself are:

  • Block all incoming and outgoing traffic on port 445 on computers connected to the net
  • Disconnect the computer from any local area network, as the worm can infect via Windows file shares
  • Scan all your hard disks and removable media (USB flash drives, memory cards etc.)
  • Make sure your family and friends are aware of this threat and that they patch their computers and update their anti-virus

Be vigilant, make sure you are patched and updated and you should be safe from this threat.

Right I’m off for a cup of rubbish tea from the vending machine.  :-)