Hundreds of vulnerable servers infected by the Conficker.A worm

PandaLabs, Panda Security's malware detection and analysis laboratory, has detected a significant increase in infections by the Conficker.A worm. This malicious code spreads by exploiting a vulnerability in the Windows Server service (MS08-067). This security flaw has been fixed. Once the computer has been infected, Conficker.A downloads the Adware/Antivirus2009 fake antivirus, designed to make users believe they have been infected by dozens of strains of malware and trick them into buying an 'antivirus' to resolve the problem. The adware advertises this fake antivirus with pop-ups, banners, etc. The ultimate aim is to get the user to buy the fake product. In addition, Conficker.A connects to several Web pages to get IP addresses. It then scans these addresses to find computers with port 445 open. This is the port corresponding to the RPC service, the component affected by the MS08-067 vulnerability. http://www.pandasecurity.com/emailhtml/oxygen/112908_ENG_in.htm