What is Conficker Worm and Illustration of How Does it works
The Conficker worm is a computer worm that can infect your computer and spread itself to other computers across a network automatically, without human interaction. It exploits a vulnerability in Windows that Microsoft patched in October. It is commonly known as Kido or Downadup and first appeared in November.
Conficker.B, detected in February, added the ability to spread through network shares and via removable storage devices, like USB drives, through the AutoRun function in Windows.
Conficker.C, which surfaced earlier this month, shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan. It also reaches out to other infected computers via peer-to-peer networking and includes a list of 50,000 different domains, of which 500 will be contacted by the infected computer on April 1 to receive updated copies or other malware or instructions. Previous Conficker variants were written to connect to 250 domains a day.
The latest variant of the Conficker worm is supposed to start communicating with other computers on the Internet on April 1–like an April Fool’s Day time bomb with some mysterious payload.
This is an illustration of how the Conficker worm works according to Microsoft:
What can you do to protect yourself from this worm?
You should apply the Microsoft patch and update your antivirus and other security software.
You should also apply a Microsoft update for the AutoRun feature in Windows that was released in February. The patch allows people to selectively disable the Autorun functionality for drives on a system or network to provide more security, to ensure that it is truly disabled. In addition to putting USB drive users at risk of Conficker and other viruses, the Autorun functionality has been blamed for infections from digital photo frames and other storage types.
Panda also has released a free "vaccine" tool for blocking viruses that spread through USB drives.
Microsoft has a Conficker removal tool.