As you might know, the Conficker worm is spreading all over the world and hitting hard. I read about the architecture of the worm, and it is so tricky.
The worm installs itself in the system by registering several DLL files and a service, then it starts downloading instructions from the internet on how to work, interact and change itself.
I have paid close attention to the worm since the early days; we have been scanning our systems and network on a weekly basis to isolate infected PCs and, thank God, we have none. What made me write today is that I read an article indicating that about 4.5 million PCs worldwide are infected with the Conficker worm.
Below are some steps to help you protect your network:
- Install the Microsoft hotfix: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
- Conficker uses 250 new domains per day, so you can use https://www.opendns.com/start to block those domains, since OpenDNS works with the IBM security research center to block access to them.
- Use Nessus (http://blog.tenablesecurity.com/2009/03/detecting-conficker-with-nessus.html) to scan your network; I prefer using Nmap.
- Finally, pray and ask God to help your network.
Visit Microsoft's Conficker page:
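To act on the scan results from the third step, here is an added example (not from the original post) that reads Nmap's XML output and splits hosts into those to isolate now and those to patch next. It assumes the scan was run with Nmap's p2p-conficker and smb-check-vulns NSE scripts (newer Nmap releases split the latter into smb-vuln-conficker and smb-vuln-ms08-067); the sample XML and its script output strings are constructed, so the keywords matched are an assumption about those scripts' wording.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX format, as written by e.g.
#   nmap -p445 --script p2p-conficker,smb-check-vulns --script-args=safe=1 -oX scan.xml 10.0.0.0/24
# The script output text is illustrative, not captured from a real scan.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
 <host><address addr="10.0.0.5" addrtype="ipv4"/><hostscript>
  <script id="p2p-conficker" output="Check 1 (port 21587/tcp): INFECTED (Received valid data)&#10;1/2 checks are positive: Host is likely INFECTED"/>
  <script id="smb-check-vulns" output="MS08-067: VULNERABLE&#10;Conficker: Likely INFECTED"/>
 </hostscript></host>
 <host><address addr="10.0.0.7" addrtype="ipv4"/><hostscript>
  <script id="p2p-conficker" output="0/4 checks are positive: Host is CLEAN or infected with a different version of Conficker"/>
  <script id="smb-check-vulns" output="MS08-067: VULNERABLE&#10;Conficker: Likely CLEAN"/>
 </hostscript></host>
 <host><address addr="10.0.0.9" addrtype="ipv4"/><hostscript>
  <script id="smb-check-vulns" output="MS08-067: NOT VULNERABLE&#10;Conficker: Likely CLEAN"/>
 </hostscript></host>
</nmaprun>
"""

# Script ids to inspect; smb-check-vulns was later split into the smb-vuln-* scripts.
SMB_SCRIPTS = {"smb-check-vulns", "smb-vuln-conficker", "smb-vuln-ms08-067"}

def triage(xml_text):
    """Map each scanned IPv4 host to {'infected': bool, 'unpatched': bool}."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        infected = unpatched = False
        for script in host.iter("script"):
            out = script.get("output", "")
            if script.get("id") == "p2p-conficker":
                # Positive checks print upper-case INFECTED; the clean summary says
                # "CLEAN or infected" in lower case, so match case-sensitively.
                infected |= "INFECTED" in out
            elif script.get("id") in SMB_SCRIPTS:
                infected |= "Conficker: Likely INFECTED" in out
                unpatched |= "MS08-067: VULNERABLE" in out  # "NOT VULNERABLE" does not match
        results[addr.get("addr")] = {"infected": infected, "unpatched": unpatched}
    return results

def action_lists(results):
    """Return (isolate_now, patch_next): infected hosts first, then clean hosts missing MS08-067."""
    isolate = sorted(ip for ip, r in results.items() if r["infected"])
    patch = sorted(ip for ip, r in results.items() if r["unpatched"] and not r["infected"])
    return isolate, patch
```

Run it against the XML from a real scan in place of SAMPLE_XML; a host that is clean but still unpatched is the one the worm reaches next, so the patch list matters as much as the isolate list.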
http://technet.microsoft.com/en-us/security/dd452420.aspx