New Variant of Conficker/Downadup Worm Circulating
US-CERT is aware of public reports concerning a new variant of the Conficker/Downadup worm, named Conficker B++. This variant propagates itself via multiple methods, including exploitation of the previously patched vulnerability addressed in MS08-067, password guessing, and the infection of removable media. Most significantly, Conficker B++ implements a new backdoor with “auto-update” functionality, allowing machines compromised by the new variant to have additional malicious code installed on them. According to Microsoft, there is no indication that systems infected with previous variants of Conficker can automatically be re-infected with the B++ variant.
US-CERT strongly encourages users to review Microsoft Security Bulletin MS08-067 and update unpatched systems as soon as possible.
Additionally, US-CERT recommends that users take the following preventative measures to help mitigate the security risks:
* Install antivirus software, and keep the virus signatures up to date.
* Review the Microsoft Malware Protection Center blog entry for details regarding the worm.
* Review the Using Caution with USB Drives Cyber Security Tip for more information on protecting removable media.