Spam/Virus UPDATE: Conficker Worm

The Conficker worm has been in the news a lot lately. A new variant of the worm, dubbed Conficker.C, was pushed out to update machines that had already been infected with the previous variant. Several enhancements were made in this newer variant that make it more difficult to infiltrate than its predecessor. The Conficker.C variant was activated on April 1, 2009.

It has been said that there is a flaw in the C variant of the Conficker worm that lets infected machines on your LAN be told apart from machines that are not infected. This flaw causes a function named NetpwPathCanonicalize() to work differently on an infected machine than it does on either patched or unpatched versions of the Windows OS. This difference in behavior is what folks like McAfee, Nessus, Qualys, and others key on to develop scanners that identify infected hosts.

Although a tool to identify machines already infected with the Conficker worm is great, it is more important to emphasize and re-emphasize patching and multiple defense layers (from out in the cloud all the way down to the network endpoints) to mitigate these types of infections to begin with. Again, we would recommend that all local computers and your mail server have up-to-date anti-spam and anti-virus software installed and updated daily; a great product for that is AVG (free for home users). We would also recommend using Ad-aware and Spybot Search and Destroy to search for spam, viruses and Trojans that could be present on your network. Microsoft has also provided a great step-by-step process for identifying whether you have the Conficker worm and what you can do about it.

The last step is to ensure that your email is protected. We would recommend our Flexbox Junk Mail Email Continuity Solution, which includes Inbound/Outbound Email Filtering, Lock Down and Relay access to our Smarthost to protect your IP from being blacklisted.
