Though the Conficker hype has died down, there are still people on the lookout for remediation and detection tools to make sure their networks stay safe.
There is still cause to be on guard, and those who are infected and have not cleaned their PCs are still subject to the plans of the attackers, who could still update the worm at any moment. For this reason, security vendors and researchers have scrambled to provide methods to detect and remove Conficker. The worm spreads by targeting a patched vulnerability in Microsoft’s Server service. It also propagates through network shares by logging onto computers with weak passwords, as well as through removable media.
We have developed a short list here of some of the free tools out there that can be used to fight off the worm. This is not meant to be a comprehensive list, and other organizations such as the Conficker Working Group, aka the Conficker Cabal, have additional recommendations.
- F-Secure: F-Secure has made a free tool available here. The link to the tool is at the bottom of the FAQ page.
- BitDefender: BitDefender offers tools for both single PC removal and network removal. The tools can be downloaded here.
- SecureWorks: Technically this is not a tool. But Joe Stewart, director of malware research for SecureWorks, came up with a simple method of detecting Conficker that uses one of the worm’s defenses against it. The worm blocks access to certain security sites. If you cannot load the images posted in the first row but can load those in the second, you may be infected with Conficker.
- Nmap: This is an open-source network scanner that has been updated to remotely scan for Conficker infected PCs.
- McAfee: McAfee’s stand-alone Avert Stinger utility has been updated to remove Conficker.
- Symantec: Symantec has a removal tool available here.
Trend Micro has also provided advice on how to get around Conficker’s attempts to block security sites. Information on that is provided here.