What is it? The Conficker worm (aka Downadup) is a Windows worm that can infect your computer, automatically spreading to other computers across a network. To date, the worm has spread to as many as 10 million machines around the world. The worm has an automated update capability and, once it’s installed on a system, it disables anti-virus and Windows updates and attempts to spread to other PCs.
How does it work? The worm spreads in three major ways. The first is through a specific Microsoft vulnerability (dubbed MS08-067). It scans for specific hosts—located on TCP port 445—and attacks them once it finds such a host. It can also spread over USB devices using the AutoRun feature, opening file shares by guessing account names and passwords.
Should you be worried? If your computer is up-to-date with the latest security updates and antivirus software, you likely don’t have the Conficker worm. In February, Microsoft (
How can you prevent it? Installing the patch (MS08-067) and keeping your anti-virus software updated is the best prevention. Also, look at rolling out Microsoft’s new tool to disable the AutoRun feature. If you have an infestation, you may have to resort to rolling out a Conficker removal tool, available for free from Microsoft and all major anti-virus companies, to the hosts using a custom update mechanism. Once you do that, you can update AV and Windows. It’s also a good idea to screen USB devices for signs of carrying the infection.
Manager of Security Research
Want to improve the way you run your business? Entrepreneurs, academics, and consultants from diverse industries offer practical advice on a variety of topics each business day.
To submit a tip for consideration, first check our archive of previous tips to make sure you're not repeating a tip someone has already contributed. Then send the tip to Small Business channel contributor Michelle Dammon Loyalka. Because of the volume of material she receives, she may not respond to each individual.