Updated information about the worm W32/Conficker
Oslo, Norway 31 March 2009 – Prevalence of the Internet worm W32/Conficker is still alarmingly high. Calculations (NORCERT) shows that four to ten million computers have been infected since the worm was first discovered in the fall of 2008. There is still no certain information on the purpose of the worm or the tasks it will be set to perform.
Conficker is a worm with several main versions, classified from A through D. Analysis of the worm shows that April 1st, some of these variants will activate new updating mechanisms, more advanced than what Conficker has been able to up to now. The worm updates via a network of changing download servers, making it difficult to track the sources. There is no clear indication that there will be any special activities tomorrow, April 1st, except modified updating structure.
Any changes will only affect those already infected with W32/Conficker.
The W32/Conficker is part of a network-propagating family of worms operating in several variants. The worm spreads to other machines via a vulnerability in Windows Server Service, as well as through other techniques. This vulnerability allows the worm to download itself to computers without the user's knowledge.
All customers using antivirus solutions from Norman are protected against W32/Conficker A-D.
To remove the worm and its malicious components completely, it is recommended to use Norman Malware Cleaner. Updates that fix the vulnerabilities are available from Windows’ automatic update mechanism for systems that support this. Alternatively, one may download updates from http://windowsupdate.microsoft.com.
Norman advices all affected users to download the security update as soon as possible, to be protected.
Read more about W32/Conficker.
For further information, please contact:
Audun Lødemel, VP Marketing and Business Development, +47 934 46 531
