It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself. It also spreads through mapped, shared and removable drives. It reduces considerably the protection level of the computer and attempts to download another type of malware to the affected computer.

Windows 2003/XP/2000/NT/ME/98/95

Conficker.D is a worm which exploits a vulnerability in the Windows Server Service which allows remote code execution. It is the vulnerability MS08-067.

It checks the system date and if it is after April 1, 2009, it will try to connect to a certain website in order to download and run another type of malware in the affected computer.

It reduces considerably the protection level of the computer, as it prevents the user and the computer from connecting to many websites related to antivirus companies.

Conficker.D spreads by exploiting the vulnerability MS08-067. In order to do so, it sends malformed RPC requests to other computers in which it attempts to enter a copy of itself. Additionally, it spreads through mapped, shared and removable drives.

It is highly recommended to download and apply the security patch for the vulnerability MS08-067. Click here to access the web page for downloading the patch.

Conficker.D is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.