Simple Conficker test for end users
Joe Stewart of SecureWorks has developed a simple test which reveals at a glance whether or not a system has been infected with one of the wide-spread versions of Conficker. The H now offers our own version of this test page.
Conficker Result Image
If certain images are missing on the test page as shown, the system is likely to be infected. Once a Conficker infection is suspected on a system, the anti-virus software installed on that system can no longer be trusted.
Another problem is that the original version Conficker.A doesn't block DNS queries, which makes it impossible for the test page to reveal version A infections. However Conficker.A is less common than its successors Conficker.B & C.
Felix Leder und Tillmann Werner, the authors of the honeynet paper analysing conficker, also put up a test page that uses the fact that Conficker blocks DNS reqeuests. They use CSS style sheets to diagnose infections with Conficker B/C.
Rather embarrassingly, the Conficker Working Group adopted Stewart's original test without pointing out that it doesn't detect Conficker.A. Instead, users are presented with the misleading message: "Not Infected by Conficker." One would think that an organisation which includes both Microsoft and all the major AV vendors would check its tests before releasing them.
http://www.h-online.com/security/news/item/Simple-Conficker-test-for-end-users-740933.html
Freeloaders are taking advantage of Conficker scare
According to reports by several anti-virus vendors, the fear of Conficker has brought the first freeloaders to the scene. The cyber criminals try to sell alleged removal tools for the Conficker worm. According to F-Secure, a Google or other search engine query for Conficker removal tools will quickly produce dubious offers that promise a lot and deliver nothing – or even infect the PC with malware themselves. The freeloaders generally belong to the scareware developer crowd. They create programs which try to scare users into buying ineffective anti-virus software by displaying false virus alerts on PCs.
German researchers develop network scan for Conficker worm
Felix Leder and Tillmann Werner from the University of Bonn have analysed the Conficker worm and discovered that it changes the way Windows responds to certain system calls. This can be exploited to allow the remote detection of Conficker infected systems.
Tools to remove Conficker
http://www.h-online.com/security/news/item/Tools-to-remove-Conficker-740541.html