I want to add a few things as it is still not over: More and more enterprises are still hit. My last blog post showed you what you can do but I wanted to add two resources and a comment.
The comment first: There were some discussions about our Anti-Malware solution. We had protections in all our products (Forefront, OneCare, our Online Safety Scanner) since December 29th. Additionally MSRT (the Malicious Software Removal Tool) removes Conficker since yesterday.
A lot of infections we see at the moment are because of
- Unpatched machines
- AV-Software still not detecting this malware. So, you definitely should think about which AV-solution you are running in the future if three weeks after such a breakout you are still unprotected!
Now to the two resources:
Our Malware Protection Center published a post on Conficker yesterday with an excellent picture of the infection vectors:
And the Microsoft Security Response Center posted as well.