Recently, the media has been broadcasting dire warnings about the Conficker worm. I haven’t seen as much “the sky is falling” hype since Y2K (which was a problem — I had to put a lot of work into making our system compliant, it just wasn’t the end of life as we know it).
Is Conficker really that bad of a problem? Yes, it could be. Estimates have it that there are over 10 million infected machines out there. These machines could be used as a botnet to collectively attack major websites or critical Internet infrastructure sites, causing outages and other problems. The worm could also be used to gather personal information on each infected machine, which could lead to identity theft and other problems for the user.
So what really happened on Wednesday? Basically, the worm began to check more sites for new updates. The older variants only checked 250 websites and the new one checks 500 sites. This means that there is a greater chance for a destructive payload to be delivered to the infected machines.
How do you know if you are infected? One of the easiest ways is to check out the Conficker Eye Chart — if you can see all of the images, odds are that you are not infected. If you can download Windows Updates and antivirus updates, you are most likely not infected. However, if you are having problems downloading updates and/or cannot see some of the images on the Eye Chart website, you should immediately check your system for this worm. Many different removal tools can be found at the Conficker Working Group’s website.
One thing I need to stress here: the patch for this vulnerability was released by Microsoft in October 2008. Conficker would not be an issue if the infected machines had been patched properly. Microsoft releases new patches every month (on the second Tuesday); you should be applying these patches in a timely manner. Either go to Windows Update or Microsoft Update every month after the patches are released or simply turn on Automatic Updates.