European Military Facilities Wage War with Threatening Computer Worm

Conficker Worm brings down defense systems in several countries.


An unlikely opponent forced the French, British and German militaries into battle earlier this year. Instead of fighting within the combat zone, however, the opponent launched the attack within the military facilities themselves.


These entities all became victims of the dreaded Conficker computer worm, a potentially devastating botnet estimated to have infected as few as 1 million and as many as 10 million computer systems.

Exploiting Windows Vulnerabilities to Spread

French Navy fighter planes were grounded in mid-January when the Conficker worm infected the military's databases, preventing the aircraft from downloading essential flight plans.

To keep the worm from spreading to other computers on the same network, French military officials terminated communications links that would have further transmitted the worm. Experts say this is the first thing to do when Conficker compromises your system.

“First, Conficker exploits a vulnerability in the Windows Server Service to replicate, then it travels through the network looking for other machines with the same vulnerability to infect next,” says Himanshu Sonkar, chief technologist and researcher at X-Wire Technology, the company which developed Tizer Conficker Razor™, a removal tool to exterminate the worm.

Conficker also copies itself onto USB devices, such as memory sticks and MP3 players that plug into infected PCs. Thus, the worm spreads to the next PC through the infected USB device.

In fact, experts familiar with the situation within the French Navy speculate that an infected USB key might be to blame for installing the Conficker computer worm onto the French computer network.

French naval officials indicated that terminating network communications with infected computers resulted in 99% of the other networks remaining clean. The Navy activated another system that provided the flight plans necessary to get the fighter planes back in the air.

Just as the French military did a month earlier, the German military disconnected hundreds of computers from its internal network in February after Conficker attacked the German armed forces' systems. Germany reported no disruptions as a result of the outbreak.

Conficker wreaked more havoc in Britain, where it targeted email and computer support systems at Britain's Defense Ministry. The outbreak affected 24 Royal Air Force bases and 75% of the navy fleet.

Removing Conficker Proves Challenging

For French, German and British officials, disconnecting from the network was the first step to preventing the Conficker worm from infecting more computer systems. Removal from already-infected systems, however, hasn't proven as easy.

That's because Conficker spreads as a .dll file, which is hidden and loads in the memory of the computer. It changes access conditions and removes the system's permissions. This means that as security utilities try to make the infection visible in order to remove it, they fail because these utilities no longer have access permissions.

Conficker also blocks access to popular antivirus and support sites, presumably to prevent the download of a removal solution.

“If your system is already infected, the key is to find a solution that you can access on the Internet and that is effective in removing the worm,” says Sonkar, whose Tizer Conficker Razor™ meets both of those criteria.

Tizer Conficker Razor™ successfully removes all variants of the Conficker worm and Conficker-type malware because it uses heuristic and behavioral analysis for detection and a newly developed proprietary driver-based tool for removal.

Sonkar says that keeping Conficker from spreading to other computers on your network is the first step. Using a reliable tool to remove Conficker and all of its variants is the key to preventing Conficker from causing more damage.

--- X-Wire Technology

 

 