>> Tuesday, March 31, 2009
What Happens on April 1, 2009?
Systems infected with the latest version of Conficker will begin to use a new algorithm to determine what domains to contact. Microsoft has not identified any other actions scheduled to take place on April 1, 2009. It is possible that systems with the latest version of Conficker may be updated with a newer version of Conficker on April 1 by contacting domains on the new domain list. However, these systems could be updated on any date before or after April 1 as well using the "peer-to-peer" updating channel in the latest version of Conficker.
How does the Conficker worm work?
Win32/Conficker is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Depending on the specific variant, it may also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files.
How do I protect my computer from the Conficker worm?
- Apply the update referred to in Security Bulletin MS08-067
- Ensure that user network passwords are strong to prevent this worm from spreading via weak administrator passwords
- All known variants are detected and healed by AVG. Read the FAQ.
- Please update and run full scan on your computer (if you are using AVG Paid version, make sure you run an Anti-Rootkit scan x3 )