US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems

08 Sep 2010

Support Center » Knowledgebase » US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems

	US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems

Solution -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA09-088A

Conficker Worm Targets Microsoft Windows Systems

Original release date: March 29, 2009
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows

Overview

US-CERT is aware of public reports indicating a widespread
infection of the Conficker worm, which can infect a Microsoft
Windows system from a thumb drive, a network share, or directly
across a network if the host is not patched with MS08-067.

I. Description

The presence of a Conficker infection may be detected if a user is
unable to surf to the following websites:

* http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
* http://www.mcafee.com

If a user is unable to reach either of these websites, a Conficker
infection may be indicated (the most current variant of Conficker
interferes with queries for these sites, preventing a user from
visiting them). If a Conficker infection is suspected, the
infected system should be removed from the network. Major
anti-virus vendors and Microsoft have released several free tools
that can verify the presence of a Conficker infection and remove
the worm. Instructions for manually removing a Conficker infection
from a system have been published by Microsoft in
http://support.microsoft.com/kb/962007.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on
a vulnerable system.

III. Solution

US-CERT encourages users to prevent a Conficker infection by
ensuring all systems have the MS08-067 patch (part of Security
Update KB958644, which was published by Miscrosoft in October
2008), disabling AutoRun functionality (see
http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and
maintaining up-to-date anti-virus software.

IV. References

* Virus alert about the Win32/Conficker.B worm -

* Microsoft Security Bulletin MS08-067 - Critical -

* Microsoft Windows Does Not Disable AutoRun Properly -

* MS08-067: Vulnerability in Server service could allow remote code
execution -

* The Conficker Worm -

* W32/Conficker.worm -

____________________________________________________________________

The most recent version of this document can be found at:

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA09-088A Feedback VU#827267" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit .
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use:

____________________________________________________________________

Revision History

March 29, 2009: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSdAg4XIHljM+H4irAQJ16Af9G3xHegmJB2Nx9u6J3kl8un/2Tz5J40sr
DW/GTU0rvHtXDg/2Xs3Gv2IHYWqBRWG6HjZ1FbuTWbBqHvlWk0QVrjeeihNeXElP
hp+ZRN6y+tHDCPRz1XT2YLE3zDldLv4v2c9YmsIEVdICiQZYe6Y/ECKNDWXcUzNt
EweRdI6/ZsAnyfZU24TxESH0L2/vQ4Qb3bRReCcVK4SWhno4cewsiiM5eAXs2EOP
VcSH6UnEE2V/841IHcCV9i5NM7aO2VDvh1lolsr/HvpWROThKslLX/FO2nIdA78d
ktvdaddRdHhJAWOkErlT8cj3nGXj0g2H1HQcDK8Nua/gEc2zOfog/Q==
=sk7E
-----END PGP SIGNATURE-----

Article Details

Article ID:

Created On:

30 Mar 2009 02:41 PM