Known As: Win32/Conficker.A [Computer Associates], W32/Downadup.A [F-Secure], Conficker.A [Panda Software], Net-Worm.Win32.Kido.bt [Kaspersky]

Distribution
The worm is spreading through low-security networks, memory sticks, and PCs without current security updates.

Method

According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becoming part of that code. It then copies itself into the Windows system folder as a randomly named file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service. Once the worm is up and running, it creates an HTTP server, resets the machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.

Solution:

Users should have up-to-date anti-virus software and install Microsoft’s MS08-067 patch. The patch is known as KB958644.
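
A defender-side triage check for the persistence traits under Method and the patch under Solution, as an added example that is not Microsoft's tooling or part of the original page. The `ServiceDll` registry location and the letters-only name pattern are assumptions; the page states only that the dll sits in the system folder, has a 5-8 character name, and is run as a service.

```powershell
# Added triage sketch (not Microsoft's tooling). Run from an elevated prompt.
$KbId = 'KB958644'   # MS08-067 patch ID named on this page

function Test-Ms08067Patch {
    # Get-HotFix only lists updates it has a record for; a miss means
    # "verify by other means", not proof the host is unpatched.
    [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

function Get-SuspectServiceDll {
    $sysDir = [Environment]::SystemDirectory
    $root   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        # Assumption: the DLL is registered as a svchost-hosted service,
        # which stores its path in <service>\Parameters\ServiceDll.
        $params = Get-ItemProperty -Path (Join-Path $svc.PSPath 'Parameters') `
                    -Name ServiceDll -ErrorAction SilentlyContinue
        if (-not $params) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)

        # Traits from the page: file sits in the system folder and has a
        # 5-8 character name. Letters-only is an assumption.
        $inSysDir = [IO.Path]::GetDirectoryName($dll) -eq $sysDir
        $nameOk   = [IO.Path]::GetFileNameWithoutExtension($dll) -match '^[a-z]{5,8}$'
        if (-not ($inSysDir -and $nameOk)) { continue }

        # Many legitimate DLLs also match, so report signature state for review.
        $sig = Get-AuthenticodeSignature -FilePath $dll -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service   = $svc.PSChildName
            Dll       = $dll
            Signature = if ($sig) { $sig.Status } else { 'Unreadable' }
        }
    }
}

"{0} installed: {1}" -f $KbId, (Test-Ms08067Patch)
Get-SuspectServiceDll | Sort-Object Signature | Format-Table -AutoSize
```

Rows are candidates for review, not verdicts: entries whose signature is not valid or whose file cannot be read deserve the first look.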