Conficker and Microsoft Anti-Malware Software

I want to add a few things as it is still not over: More and more enterprises are still hit. My last blog post showed you what you can do but I wanted to add two resources and a comment.

The comment first: There were some discussions about our Anti-Malware solution. We had protections in all our products (Forefront, OneCare, our Online Safety Scanner) since December 29th. Additionally MSRT (the Malicious Software Removal Tool) removes Conficker since yesterday.

A lot of infections we see at the moment are because of

  • Unpatched machines
  • AV-Software still not detecting this malware. So, you definitely should think about which AV-solution you are running in the future if three weeks after such a breakout you are still unprotected!

Now to the two resources:

Our Malware Protection Center published a post on Conficker yesterday with an excellent picture of the infection vectors:

original[1]

And the Microsoft Security Response Center posted as well.

Roger