Stay Smart Online

Microsoft Windows Worm - Conficker/Downadup - SSO-AD-2009-001

22 January 2009

Software and platforms affected

The following software is affected:

Microsoft Windows (all versions)

for the following operating system platforms:

Windows 2000
Windows XP
Windows Vista
Windows Server 2003
Windows Server 2008

What is the problem?

Recent media attention has been given to a new worm, known as Conficker or Downadup, which exploits a number of bugs in Microsoft Windows.

Infection by this worm could result in a number of symptoms, such as:

User accounts may be unable to log in
Windows Update may be disabled
Common anti-virus products may be disabled
Access to many security-related websites may not work, including, but not limited to: Microsoft, Symantec, Sophos, McAfee and Trend Micro.
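The following PowerShell script is an added example, not part of the original advisory. It checks two of the symptoms listed above: whether the Windows Update service is disabled, and whether security-related sites fail to resolve while an unrelated site still does. The hostnames are assumptions chosen for the vendors the advisory names, and treating failed name resolution as the sign of blocked access is also an assumption.

```powershell
# Added example: checks two symptoms listed in this advisory.
# Hostnames are assumptions; the advisory names only the vendors.
$securitySites = @(
    'www.microsoft.com', 'update.microsoft.com',
    'www.symantec.com', 'www.sophos.com',
    'www.mcafee.com', 'www.trendmicro.com'
)
$controlSite = 'www.example.com'   # non-security name used as a baseline

function Test-NameResolves {
    param([string]$HostName)
    try {
        $null = [System.Net.Dns]::GetHostAddresses($HostName)
        return $true
    } catch {
        return $false
    }
}

function Get-WormSymptomReport {
    $findings = @()

    # Symptom: Windows Update may be disabled.
    $wu = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    if (-not $wu) {
        $findings += 'Windows Update service (wuauserv) not found'
    } elseif ($wu.StartMode -eq 'Disabled') {
        $findings += 'Windows Update service (wuauserv) is disabled'
    }

    # Symptom: security-related websites may not work.
    # Only meaningful if ordinary names still resolve.
    if (Test-NameResolves $controlSite) {
        foreach ($site in $securitySites) {
            if (-not (Test-NameResolves $site)) {
                $findings += "Cannot resolve $site while $controlSite resolves"
            }
        }
    } else {
        $findings += "Cannot resolve $controlSite; check the network connection first"
    }
    return $findings
}

# @() keeps the result an array even when there are zero or one findings.
$report = @(Get-WormSymptomReport)
if ($report.Count -eq 0) { 'No listed symptoms detected by this check.' }
else { $report }
```

A finding here matches a listed symptom but has other possible causes, so follow it up with the removal tool and updates described below.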

What we recommend you do

If you are not exhibiting any of the symptoms listed, and provided you have been keeping up to date with Windows and anti-virus software updates, as well as our previous Stay Smart Online Alerts, then it is unlikely that you would have been impacted by the worm at this time.

The relevant previous Alert can be found here:

 SSO-AL2008-015

Prior to infection, the problem can be prevented by downloading and installing the software updates recommended by Microsoft.

Setting up automatic updates on your computer's operating system will save you time and reduce the risk to you and your files.

Unless your operating system is already set to update itself automatically, it is recommended you apply the updates as soon as possible to reduce your risk.

Information on how to set up Automatic Updates can be found here:

For Windows XP:

http://www.ssoalertservice.net.au/view/8d826d7e1f09438435017ec08986beec
http://www.microsoft.com/protect/computer/updates/xpsp2.mspx

For Windows 2000:

http://www.microsoft.com/protect/computer/updates/2000.mspx

For Windows Vista:

http://www.microsoft.com/protect/computer/updates/vista.mspx

The Microsoft Update web site enables you to update your Microsoft operating system and all other Microsoft software, such as Microsoft Office, from one location. When you visit Microsoft Update, the site scans your computer and gives you a list of updates relevant to your computer and its configuration. You then decide which updates you want to download and install.

http://update.microsoft.com/

The Microsoft web site has a removal tool that will remove more than just Conficker infections. It will also remove other very common malware families, and can be downloaded from:

http://www.microsoft.com/security/malwareremove/default.mspx

This worm also contains a large list of commonly used passwords, which it uses to attempt to gain access to your computer, so it is highly recommended that you use strong passwords for all computer operating system accounts. A guide to choosing strong passwords can be found here:

http://www.auscert.org.au/render.html?it=2260

Where you can find more information

The following link provides more information about the bugs and the software platforms affected:

http://www.microsoft.com/security/portal/Entry.aspx?name=Win32%2fConficker

Disclaimer

This Advisory has been prepared by AusCERT for the Department of Broadband, Communications and the Digital Economy.

The information is intended for use by home users and small to medium sized businesses. It is general information only, is not intended as advice, and was accurate and up to date at the time of publishing. The material and information in this Advisory is not adapted to any particular person's circumstances and therefore cannot be relied upon to be of assistance in any particular case. In any important matter, you should seek professional advice relevant to your own circumstances.

The Commonwealth, AusCERT, and all other persons associated with this Advisory accept no responsibility or liability for information either included or referred to in the Advisory. No responsibility or liability is accepted for any damage, loss or expense incurred as a result of the information contained in the Advisory, whether by way of negligence or otherwise.

The listing of a person or organisation in any part of this site or Advisory does not imply any form of endorsement by the Commonwealth of the products or services provided by that person or organisation. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service.

Please note that material in this Advisory, as the case may be, includes views or recommendations of third parties, which do not necessarily reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. Material on this site or in this Advisory may also include information provided by third parties. The Commonwealth cannot verify the accuracy of information that has been provided by third parties.