How to stop the Conficker worm on an unpatched PC

Graham Cluley

In the last week or so there has been a resurgence in the Conficker worm (called W32/Confick by Sophos’s anti-virus products, and also known as Downadup) that we first saw in November. This is probably due to the malware authors adding some new propagation methods such as spreading via USB flash drives and Windows file-sharing.

These techniques make it hard to remove from a network, as a single computer unpatched against the Microsoft MS08-67 security vulnerability, is able to reinfect the whole network via file shares.

Obviously the best thing you can do – as we stressed back in November – is make sure that Microsoft’s patch is in place on every vulnerable computer on your network.

In addition, you should ensure that your anti-virus software is…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.