31 Mar
Posted by Network Jew as Scripting, Security Links, Software
If you haven’t heard already, you soon will hear about the “Conficker” worm. It’s a computer “worm” that is estimated to have infected up to 15 million computers worldwide, including those used by the Houston Municipal Courts, the UK Ministry of Defence, and the British House of Commons. It’s so bad that last month Microsoft issued a $250,000 bounty for information leading to the arrest and conviction of those behind Conficker.
From Microsoft: Conficker infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.
Once your computer is infected, it is “owned” by the Conficker worm and its creators. It becomes one of millions of infected PCs making up a massive “army” of infected machines that could be used to do the authors’ bidding at any time. Here’s the scary part: all these infected machines (or “bots”) are currently programmed to “check in” with their master on April 1st to get new instructions. No one knows exactly what will happen on that day.
Pundits have speculated about a variety of malicious deeds this massive bot army could undertake on 4/1. One possibility is that the authors will grab sensitive personal data off all these machines. Another thought is that they will launch massive denial-of-service attacks on major websites. Still others believe that this bot army will be sold off for the purpose of sending out spam worldwide. No one except the authors knows for sure.
Regardless, make sure your machines have AntiVirus software, and that it’s up to date. If you’ve just recently installed AntiVirus, make sure you do a full system scan. Make sure Automatic Updates are turned on.
The Honeynet Project just released a new Python script you can run to scan your network for infected machines. Here’s a link to it:
http://honeynet.org/node/388
For more info about this worm you can check out any of the following links:
http://en.wikipedia.org/wiki/Conficker
http://vil.nai.com/vil/content/v_153464.htm
This one’s REAL technical but a great read if you have the time:
http://mtc.sri.com/Conficker/addendumC/
Let’s be careful out there….