US-CERT.GOV
http://www.uscert.gov
Note: The following text is a quote:
http://www.uscert.gov/current/index.html#conficker_worm_information
Conficker Worm Targets Microsoft Windows Systems
added March 29, 2009 at 08:18 pm | updated March 30, 2009 at 03:06 pm
US-CERT is aware of public reports indicating a widespread infection of the Conficker/Downadup worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a corporate network, if the network servers are not patched with the MS08-067 patch from Microsoft.
Home users can apply a simple test for the presence of a Conficker/Downadup infection on their home computers. The presence of a Conficker/Downadup infection may be detected if a user is unable to surf to their security solution website or if they are unable to connect to the websites, by downloading detection/removal tools available free from those sites:
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
http://www.mcafee.com
If a user is unable to reach any of these websites, it may indicate a Conficker/Downadup infection. The most recent variant of Conficker/Downadup interferes with queries for these sites, preventing a user from visiting them. If a Conficker/Downadup infection is suspected, the system or computer should be removed from the network or unplugged from the Internet - in the case for home users.
Instructions, support and more information on how to manually remove a Conficker/Downadup infection from a system have been published by major security vendors. Please see below for a few of those sites. Each of these vendors offers free tools that can verify the presence of a Conficker/Downadup infection and remove the worm:
Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
Microsoft:
http://support.microsoft.com/kb/962007
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.
US-CERT encourages users to prevent a Conficker/Downadup infection by ensuring all systems have the MS08-067 patch (see http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx), disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining up-to-date anti-virus software.
Excellent, thanks, Cindy.
I’ll be monitoring this board and the overseas boards right after American idol in case anyone needs assistance or can supply us with updated info.
What to do if you are infected If you are reading this page, your computer is probably not infected with Conficker as the worm blocks access to most security web sites. If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool from. The tool is available here.
What to do if you are infected
If you are reading this page, your computer is probably not infected with Conficker as the worm blocks access to most security web sites.
So I think I'm OK. I hope!
I just got an alert from Macafee that I am up to date, do you think it’s ok?
BLOG:
http://blogs.zdnet.com/security/?p=2754
March 3rd, 2009
“Conficker worm to DDoS legitimate sites in March”
Posted by Dancho Danchev @ 12:40 pm
Categories: Anti Virus, Botnets, Browsers, Hackers, Malware......
Tags: Security, Internet Worm, Remote Code Execution, MS08-067, Conficker......
SNIPPET: “The reverse engineering of the domain registration algorithm not only made it possible to anticipate the upcoming command and control locations, but also, allowed security companies to pre-register them and lock them under the Conficker Cabal alliance with members such as Microsoft and the ICANN. Moreover, perhaps the most pragmatic mitigation solution implemented on a large scale so far, has been OpenDNS updated Stats System which automatically stops resolving Conficker’s latest domains, a feature which they introduced last month.
For the time being, the Conficker botnet remains in a “stay tuned” mode with the real malicious payload to be delivered at any particular moment. A patch has been available since October, 2008.”