1. Technology
You can opt-out at any time. Please refer to our privacy policy for contact information.

Win32/Conficker.B Worm Plagues the Internet

(also known as Win32.Downadup or Downadup)

By

Updated March 30, 2009
With millions of unpatched computers to victimize, the Win32/Conficker.B (also known as Conflicker, Downadup, or W32.Downadup) worm continues to exploit the vulnerability in Microsoft RPC identified in Microsoft Security Bulletin MS08-067.

Microsoft considered the vulnerability critical enough that they released the Critical Security Bulletin MS08-067 out-of-cycle as an emergency update in October of 2008. Three months later though, it is estimated that a third of the vulnerable systems in the world remain unpatched.

Symantec has a fairly detailed account of the current infection statistics. Apparently, while the worm has compromised millions of systems, the United States is not in the top 10 infected countries. That list is topped by China, Argentina nd Russia.

Thus far, the worm has done nothing more than propagate. However, security experts are concerned about what happens next. Symantec also has a post explaining the concern and how the worm can still be updated to add some sort of destructive payload or cause it to execute some other malicious activity. With millions of compromised systems available, the potential chaos is pretty significant.

The worm exploits a vulnerability in the Windows Server service (svchost.exe) on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008 systems. Compromised systems may lock out users, disable Windows update service, and block access to security-related web sites. All of these things make it more difficult for users to identify and remove the threat.

For more details about the threat, check out the Microsoft Malware Protection Center. To protect against the threat, make sure you have applied the patch from Security Bulletin MS08-067. If you think your system is infected, or just want to make sure it is not infected, download and run the Microsoft Malicious Software Removal Tool.

©2014 About.com. All rights reserved.