check for conficker

You can talk about anything here

Moderator: Akira

Dataspel
Posts: 778
Joined: Tue Feb 25, 2003 9:42 pm

check for conficker

Post by Dataspel »

My advice is to check your PCs for Conficker. This is not an April Fools' joke.
Just because it has done nothing yet does not mean it is inactive. The guys at work
are all excited about this, can't stop talking about it. They have a couple of captive
botnet nodes in the lab and are watching them 24/7 to see what they are planning to do.
They say it is clever and resilient. For example, if you run Wireshark to see if you
have been pwned, it checks the process list every 10 seconds and shuts it down.
If you rename Wireshark, then it checks for the WinPcap driver; and if it finds it, shuts
it down and removes all of your interfaces. And on and on. The consensus so
far is that someone was just trying to set up a big spam network and got in over
their heads. I don't buy this; I think it will be something worse when the instructions
finally are sent out.

In any event, this is very interesting. Looks like the first worm that may have been
written by an AI application.
Akira
Eagle / Forum Admin
Posts: 1509
Joined: Tue Feb 25, 2003 12:52 pm
Location: Ontario, Canada
Contact:

Re: check for conficker

Post by Akira »

As long as it's not on my web server and home machine. :lol:

I didn't get to read up on it. How does it infect a computer? Visiting a payload site, a download, or?
Dataspel
Posts: 778
Joined: Tue Feb 25, 2003 9:42 pm

Re: check for conficker

Post by Dataspel »

According to Wikipedia, it can propagate via HTTP pull or NetBIOS push.
http://en.wikipedia.org/wiki/Conficker
I have read elsewhere that it can also be carried via memory stick.
The safest course is to keep your Windows PCs patched.
Neophyte
Posts: 1433
Joined: Tue Feb 25, 2003 2:44 pm
Location: San Diego, CA.

Re: check for conficker

Post by Neophyte »

Dataspel wrote:
> According to Wikipedia, it can propagate via HTTP pull or NetBIOS push.
> http://en.wikipedia.org/wiki/Conficker
> I have read elsewhere that it can also be carried via memory stick.
> The safest course is to keep your Windows PCs patched.

I know a few sysadmins who have disabled the disconnectable media autoplay function in Group Policy. This is extreme, but necessary. Conficker will infect a disconnectable drive and will set itself to autorun when that drive is attached to a computer. From the sound of it, there are approx. 3.5 million computers with Conficker in the wild.

The best way to test if you're infected is to try to visit a remedy site, such as update.microsoft.com or housecall.antivirus.com. An uninfected computer will be able to go to the site, while an infected computer will get an error message asking you to check your network settings.
Neophyte[CotC]
Member since 1996
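
The reachability test described in the post above, scripted as an added example (not part of the original thread): it probes the two remedy sites named in the post plus a control site, so a general outage is not mistaken for selective blocking. The control hostname `example.com`, the function names and the verdict strings are assumptions of this example.

```python
import socket

# Hostnames named in the post above.
REMEDY_SITES = ["update.microsoft.com", "housecall.antivirus.com"]
# Assumption of this example: a neutral site that should always be reachable.
CONTROL_SITES = ["example.com"]


def can_connect(host, port=80, timeout=5.0):
    """True if the name resolves and a TCP connection to it succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, connection refusal and timeout
        return False


def assess(probe=can_connect, remedy=REMEDY_SITES, control=CONTROL_SITES):
    """Compare reachability of remedy sites against control sites."""
    control_up = [h for h in control if probe(h)]
    blocked = [h for h in remedy if not probe(h)]
    if not control_up:
        # Nothing is reachable: an ordinary network fault, not selective blocking.
        verdict = "inconclusive"
    elif blocked:
        # The control site works but a remedy site does not: the pattern the post describes.
        verdict = "suspicious"
    else:
        verdict = "no-block-detected"
    return {"verdict": verdict, "blocked": blocked, "control_up": control_up}


if __name__ == "__main__":
    result = assess()
    print(result["verdict"])
    for host in result["blocked"]:
        print("unreachable:", host)
```

A "suspicious" verdict is a reason to run a proper scan, not a diagnosis, since a single site can be unreachable for unrelated reasons.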
