Introduction
I've discussed the Conficker worm in some detail in previous Security Alerts. The expected mass infections of April Fool's Day turned out to be a dud, but it was no April Fool's joke. It fizzled out on 1 April because of flaws in the program. Those flaws have now been fixed, however, and the Conficker worm poses a real threat. It has already infected thousands of computers at one U.S. university and now comes with a new payload: a fake anti-virus program that costs $50, for being so kind as to get yourself infected.
To repeat, you can only get this by making a bad click on a popup message while browsing, and that usually results from clicking on links in spam email.
Conficker could be very difficult to get rid of if you get infected. The reason is that it mutates, i.e., it changes the names of the files it uses, making it hard to clean.
The good news is that, as with most other malware, if you are careful what you click on, you should easily be able to avoid getting infected.
So despite the rants and hype you will see on the Internet and on TV, just take the usual precautions and you will be safe.
The best rule of thumb:
If you don't know what you are clicking, DON'T CLICK.
--------------------------------------------------------------------------------
Remember also that you can get this worm from CDs, DVDs, flash drives, links in Instant Messenger chat, etc.
In a separate Security Alert, I will advise you of a small program that makes turning off autoruns simple without having to use the registry directly.
--------------------------------------------------------------------
Conficker also installs fake antivirus software
Report: Conficker worm bites University of Utah