Protecting yourself from the Conficker Worm

What is Conficker?

Conficker is a worm that first surfaced late in 2008, taking advantage of a security flaw in Microsoft’s Windows operating system to spread on its own. Several variants of Conficker have surfaced since the original. Computers infected with Conficker become part of an army of compromised computers and could be used to launch attacks on Web sites, distribute spam, host phishing Web sites or other nefarious activities.

Why is the Conficker making news again?

One variant, Conficker.C, could activate on April 1, 2009—April Fool’s Day—and start another assault on Windows computers. While this may be a prank, you should make sure your computer systems are protected against this pest.

How do I know if I have it?

Once it is on a computer, Conficker digs itself in by attempting to deactivate security software and sabotage its tools to remove it. If you notice that you're unable to access Web sites such as www.mcafee.com or your security software is acting up, that could be a sign that your system was infected by Conficker.

How do I protect myself?

The good news is that protecting against Conficker isn’t hard. There are two basic things that will ensure a Windows computer is shielded against the worm:

1. Microsoft provided an emergency fix for the vulnerability last October with Security Update MS08-067. Please install this fix if you haven't already.
2. Make sure you have up to date security software. If you are a McAfee customer and have McAfee VirusScan Plus, Internet Security or Total Protection, and your machines are configured to have McAfee products automatically update, you will have received the update needed.

If your machine is configured with the “manual’ update option, you will need to run an update.

What if I have Conficker, and have let my security software lapse?

Should your computer be infected by Conficker and there is no anti-malware solution installed in your computer, McAfee Avert Labs’ Stinger tool can remove the malware. Download the tool here.

In addition, McAfee Avert Labs has published a technical document to help find Conficker on your systems in case there has been a compromise. Download the tool here.

Where can I go for more information?

McAfee Avert Labs will monitor the state of the Internet on April 1 and report on any Conficker activity on the Avert Labs blog. Meanwhile, if you have any indication who is behind Conficker, report them to the authorities and you may be eligible for a $250,000 reward offered by Microsoft.