Conficker is a new family of computer worms that spread by exploiting a vulnerability in Microsoft Windows which Microsoft patched with an emergency fix in late October.The worm has already infected thousands of computers worldwide.

Win32.Conficker is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.

eSafe has been proactively detecting instances of the Conficker worm ever since its initial distribution, and have also provided specific signatures for it. All eSafe customers who are keeping their products updated are protected to the extent of the worms’s distribution and structure. eSafe continues to research for new instances of threats and, as always, will provide the updates for detecting and blocking such threats in the future.

Update (1/15/09): SANS (http://isc.sans.org/diary.html?storyid=5695&rss) covers the truly problematic part of this worm – how people get infected in the first place (as we said, this is NOT a web security issue). Note that this advice is actually applicable for most organizations anyway since the “autorun” behavior should be avoided in the first place.