The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn’t cause further harm. Until now.
Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or security analysis tools running on the infected PC, and attempt to shut down those programs. This is a strong signal that the worm’s mysterious creators haven’t abandoned their creation in the face of worldwide attention, as some in the industry have theorized, but may still have plans to make a buck off their work.
To protect against the Conficker worm, first make sure you’ve installed the patch that closes a targeted hole in the Microsoft Server Service. Next, protect any network shares and administrator accounts with a strong password, as Conficker will try to guess easy ones.
Finally, you can block the worm’s third infection, which hijacks thumb drives and other removeable media, by disabling Autorun on Windows. PC World has a download available that can automate that step for Windows XP users, and Microsoft has posted manual instructions.