Friday, January 23, 2009

Fw: Info on Downadup / Conficker (worm) and what to do about it

Dear All,

Here's a forward from Mark Minasi's newsletter that I received today. It contains useful information on how to look for and prevent the latest virus/worm outbreak since last Friday. Hope you find it helpful!

"Hi All --

Just a quick note about the Conficker / Downadup worm that's gotten a bunch of press lately. It's on the grow, so it's worth taking a moment and checking your systems (and, more likely, your friends' home systems).

I view it as an important threat to address because it's one of those "remote code execution" exploits, which is security-ese for "you don't have to do anything to get this except (1) don't patch and (2) expose port 135 (RPC) to the Internet." What's scarier is that it puts itself on USB sticks and puts an autorun.inf file on those sticks, meaning that if your system's infected and you take a USB stick out of your system and hand it to someone and that person pops the USB stick into a system that hasn't disabled autorun, then that other person's computer is now infected. (I really hate autorun and disable it -- you can do it from group policies or Control Panel. In Vista, it's in Control Panel / Hardware and Sound / AutoPlay. On XP, open My Computer and right-click anything under "Devices with Removable Storage" and look on the AutoPlay tab.)

Microsoft published the patch, MS08-067, on 23 October '08, so you probably have nothing to worry about if you automatically download and install Microsoft's hotfixes in a timely manner. If not, any major anti-malware tool can identify and clean it, or just download the latest version of Microsoft's Malicious Software Removal Tool (the 19 January version) from http://www.microsoft.com/downloads, then run it by typing "mrt" and follow the prompts. Once finished, MRT offers a hyperlink "View detailed results of the scan." That report refers to the worm as Win32/Conficker, rather than the "Downadup" name used by many sources.

I hope this helps, and apologies to those for whom this is old news -- it'd just be a shame to allow a bunch of dirtbags to build another bot army."

Cheers, and take action against this worm right away if you haven't!
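
As an added example (not part of the newsletter or of this post): a small Python check for the autorun.inf behaviour described above. It reads an autorun.inf found on a removable drive and lists the entries that would launch a program on a system with AutoRun enabled. The function name and the sample file contents are constructed for illustration.

```python
import re

# Keys in the [autorun] section that name a program to start.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(raw: bytes):
    """Return (key, command) pairs from [autorun] that would start a program.

    Takes bytes because a suspicious file may contain non-text padding;
    latin-1 decoding never fails, and lines that are not key=value are skipped.
    """
    found = []
    in_autorun = False
    for line in raw.decode("latin-1").splitlines():
        line = line.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:       # other section or junk
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if EXEC_KEYS.match(key) and value:
            found.append((key.lower(), value))
    return found

# Constructed sample, not taken from a real infection.
SAMPLE = (
    b"; constructed sample\r\n"
    b"\x8f\xa2 padding before the section\r\n"
    b"[AutoRun]\r\n"
    b"Icon=folder.ico\r\n"
    b"Action=Open folder to view files\r\n"
    b"\x90\x90 junk line without a key\r\n"
    b"shell\\Open\\Command=tool.exe /quiet\r\n"
    b"OPEN = setup.exe\r\n"
    b"[Other]\r\n"
    b"open=ignored.exe\r\n"
)

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE):
        print(f"autorun.inf would launch via {key}: {command}")
```

An empty result means the file names nothing to launch; any entry returned is worth reviewing before the stick is used on a machine that still has AutoRun enabled.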