Copyright 2022 - CSIM - Asian Institute of Technology


Subject: US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems
From: CERT Advisory
Date: Mon, 30 Mar 2009 15:11:40 -0400

                    National Cyber Alert System

              Technical Cyber Security Alert TA09-088A

Conficker Worm Targets Microsoft Windows Systems

   Original release date: March 29, 2009
   Last revised: March 30, 2009
   Source: US-CERT

Systems Affected

     * Microsoft Windows


   US-CERT is aware of public reports indicating a widespread
   infection of the Conficker/Downadup worm, which can infect a
   Microsoft Windows system from a thumb drive, a network share, or
   directly across a corporate network, if the network servers are not
   patched with the MS08-067 patch from Microsoft.

I. Description

   Home users can apply a simple test for the presence of a
   Conficker/Downadup infection on their home computers.  An
   infection may be indicated if a user is unable to reach their
   security solution's website, or is unable to connect to the
   following websites to download the detection/removal tools
   available free from those sites:
   If a user is unable to reach any of these websites, it may indicate
   a Conficker/Downadup infection.  The most recent variant of
   Conficker/Downadup interferes with queries for these sites,
   preventing a user from visiting them.  If a Conficker/Downadup
   infection is suspected, the system or computer should be removed
   from the network or, in the case of home users, unplugged from the
   Internet.
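
   The reachability test described above can be scripted. The
   following is an added example, not part of the US-CERT alert: it
   compares name resolution for security-vendor sites against ordinary
   control sites, so that a general outage is not mistaken for the
   selective blocking the alert describes. The host lists and function
   names are assumptions, since the alert's own site list is missing
   from this copy.

```python
import socket

# Assumed host lists (not from the alert, whose site list is missing here).
SECURITY_HOSTS = ["www.microsoft.com", "www.symantec.com", "www.mcafee.com"]
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org"]


def system_resolver(host):
    """Return True if the operating system's resolver can resolve host."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def assess(resolve=system_resolver, security_hosts=SECURITY_HOSTS,
           control_hosts=CONTROL_HOSTS):
    """Return (verdict, blocked_security_hosts).

    verdict is 'clean', 'suspect' or 'inconclusive'.
    """
    controls_ok = [h for h in control_hosts if resolve(h)]
    blocked = [h for h in security_hosts if not resolve(h)]
    if not controls_ok:
        # Nothing resolves at all: a general network or DNS outage,
        # which says nothing about Conficker either way.
        return "inconclusive", blocked
    if blocked:
        # Ordinary names resolve but security sites do not: the pattern
        # the alert describes. Take the machine off the network and run
        # a vendor removal tool obtained from a known-clean system.
        return "suspect", blocked
    return "clean", blocked


if __name__ == "__main__":
    verdict, blocked = assess()
    print("verdict:", verdict)
    for host in blocked:
        print("could not resolve:", host)
```

   Because the alert attributes this interference to the most recent
   variant, a "clean" verdict does not prove the machine is uninfected.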

II. Impact

   A remote, unauthenticated attacker could execute arbitrary code on
   a vulnerable system.

III. Solution

   Instructions, support and more information on how to manually
   remove a Conficker/Downadup infection from a system have been
   published by major security vendors.  Please see below for a few of
   those sites. Each of these vendors offers free tools that can
   verify the presence of a Conficker/Downadup infection and remove
   the worm:

   Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.

   US-CERT encourages users to prevent a Conficker/Downadup infection by
   ensuring all systems have the MS08-067 patch, disabling AutoRun
   functionality, and maintaining up-to-date anti-virus software.

IV. References

 * Microsoft Windows Does Not Disable AutoRun Properly

 * Virus alert about the Win32/Conficker.B worm

 * Microsoft Security Bulletin MS08-067 - Critical

 * MS08-067: Vulnerability in Server service could allow remote code
   execution

 * The Conficker Worm

 * W32/Conficker.worm

 * W32.Downadup Removal Tool


   Feedback can be directed to US-CERT Technical Staff. Please send
   email with "TA09-088A Feedback VU#827267" in the subject.

   Produced 2009 by US-CERT, a government organization.

Revision History
  March 29, 2009: Initial release
  March 30, 2009: Included additional details
