Mon, Feb 23 2009 17:49
New Variant of Conficker/Downadup Worm Circulating
US-CERT is aware of public reports concerning a new variant of the Conficker/Downadup worm, named Conficker B++. This variant propagates itself via multiple methods, including exploitation of the previously patched vulnerability addressed in MS08-067, password guessing, and the infection of removable media. Most significantly, Conficker B++ implements a new backdoor with "auto-update" functionality, allowing machines compromised by the new variant to have additional malicious code installed on them. According to Microsoft, there is no indication that systems infected with previous variants of Conficker can automatically be re-infected with the B++ variant.
US-CERT strongly encourages users to review Microsoft Security Bulletin MS08-067 and update unpatched systems as soon as possible.
Additionally, US-CERT recommends that users take the following preventative measures to help mitigate the security risks:
- Install antivirus software, and keep the virus signatures up to date.
- Review the Microsoft Malware Protection Center blog entry for details regarding the worm.
- Review the Using Caution with USB Drives Cyber Security Tip for more information on protecting removable media.