Conficker worm detected (ConfickerWorm)

Vuln ID: 48995
Risk Level: High risk vulnerability  High ConfickerWorm
Platforms: Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows Me, Microsoft Windows XP, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server, Microsoft Windows Vista, Microsoft Windows NT, Microsoft Windows Server 2008
Description:

The Conficker worm is a network worm that targets network endpoints. Conficker builds a bot framework that might be used for spam or stealing confidential information from endpoints. Complete compromise may lead to exposure of confidential information, loss of productivity, and further network compromise.

This network worm spreads by one or more of the following mechanisms:

  • Exploiting the Windows Server Service Vulnerability (MS08-067)
  • Dropping a copy of itself into network and removable drives
  • Dropping a copy of itself in network shares with weak passwords

Remedy:

Use an up-to-date antivirus application to determine if the target computer is host to the Conficker worm. If the application detects a backdoor, follow its instructions to disinfect and repair the computer.
References:

IBM Internet Security Systems Protection Alert January 22, 2009
Conficker Worm
http://www.iss.net/threats/conficker.html

ISS X-Force
Conficker worm detected
http://www.iss.net/security_center/static/48995.php
X-Force Logo
Know Your Risks		 Mitre.org CVE Logo
Common Vulnerabilties & Exposures