BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.
The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting.
Security experts claim the worm is the worst infection to date, second to the SQL slammer worm that devastated the Internet in 2003.
The Romanian security vendor said its removal tool, available here, will delete all versions of Downadup and will not be detected by the virus.
Senior malware analyst Vlad Valceanu said the worm is difficult to remove because it contains an in-built update service.
“BitDefender Labs has been seeing an increase in worms, like Downadup, that have a built-in mathematical algorithm, generating strings based on the current date,” Valceanu said in a written statement.
“The worms then produce a fixed number of domain names on a daily basis and check them for updates.
“This makes it easy for malware writers to upgrade a worm or give it a new payload, as they only have to register one of the domains and then upload the files.”