How to Block, Detect, or Eliminate The Conflicker/Downadup Worm

The New York Times reported today on the worm known variously as Conflicker, Downadup, and Kido, which is spreading at breakneck speed, having infected millions of computers already. The worm exploits the MS08-067 vulnerability in Windows machines, then works quietly in the background. Unless a user is keeping an eye on network usage, they might not know about the infection. You're already protected from Conflicker/Downadup if you've:

  • Installed Windows updates since October 2008 -- Microsoft released a patch for the MS08-067 vulnerability a while ago.
  • Kept your security and anti-virus software up to date with new definitions and releases. Many of the major security and anti-virus companies are aware of and already protecting their users from the worm, including Norton/Symantec, AVG/Grisoft, Kaspersky, and McAfee.  Check the official website of your anti-virus company if you're not sure.

To protect yourself from this worm, take the following steps:

  • Install the latest critical updates from Microsoft for your version of Windows.
  • Update or install security/anti-virus software from a company that states on their website that they are aware of the worm. Don't trust free online-only scans. Windows 7 beta users should download AVG, Kaspersky Labs or Symantec anti-virus.

If you think or know you're infected:

When you run scans, be sure to also clean any removable memory or storage, as the worm can copy itself to external drives/memory as well.