Conficker Worm Advisory

Conficker (a.k.a. Downup, Downadup and Kido) is a computer worm that surfaced in October 2008 and targets a Windows operating system vulnerability. If your computer is infected with this virus, it can extract malicious files, delete Windows restore points, infect external hard drive and flash drives, and allow other malicious software to be installed on your computer. The objective of Conficker is to enslave computers and make them subject to control over the Internet.

There were many rumors that Conficker would radically change on April 1st. While it’s true that the worm activated some code on this day, all that code did was check certain websites for instructions. For the vast majority of computers there was no noticeable effect, as most of the websites didn’t contain any instruction. Also, since this only affected computers already infected with the worm, computers that didn’t already have Conficker were not affected.

The best way to check if a computer is infected with Conficker is to see if the computer can visit certain antivirus websites, such as symantec.com, sophos.com, and microsoft.com. If these pages don’t load and other websites do, then it’s probably because of a Conficker worm infection. One of the only visible affects of the worm is that it blocks a computer’s access to tools that can remove it.

To protect yourself from Conficker, all Windows users should do the following:

Ensure all current Windows security updates are installed using Windows Update, specifically KB958644.
Verify that antivirus software is installed and running with up-to-date virus definitions.
Enable Windows firewall or alternative software firewall.

If you need help performing these security measures or feel you are infected with a worm or virus that you cannot remove from your computer, please contact the IT Helpdesk for assistance.

If you would like continuing coverage of progress made toward neutralizing the Conficker worm, please visit http://www.confickerworkinggroup.org/wiki/