"Heart of mine be still/ You can play with fire but you'll get the bil"

Robert Allen Zimmerman, Bob Dylan, (1941) , US singer
(November 29 1944, John Hopkins hospital performs 1st open heart surgery)

Hundreds of vulnerable servers infected by the Conficker.A worm

PandaLabs, Panda Security's malware detection and analysis laboratory, has detected a significant increase in infections by the Conficker.A worm. This malicious code spreads by exploiting a vulnerability in the Windows Server service (MS08-067). This security flaw has been fixed.

Once the computer has been infected, Conficker.A downloads the Adware/Antivirus2009 fake antivirus, designed to make users believe they have been infected by dozens of strains of malware and trick them into buying an 'antivirus' to resolve the problem. The adware advertises this fake antivirus with pop-ups, banners, etc. The ultimate aim is to get the user to buy the fake product.

In addition, Conficker.A connects to several Web pages to get IP addresses. It then scans these addresses to find computers with port 445 open. This is the port corresponding to the RPC service, the component affected by the MS08-067 vulnerability.

If it finds a vulnerable system, it downloads a copy of itself.

PandaLabs has already advised users in its blog to update their systems to resolve this vulnerability, as it represents a serious risk. Those who have not yet done so, can download the patch from: http://www.microsoft.com/latam/technet/seguridad/boletines/2008/ms08-067.mspx

Users can scan their systems to detect Conficker.A free of charge at: www.pandasecurity.com/activescan

Panda would like to celebrate with readers of our newsletters the awards we have received for our 2009 consumer products (more information: http://www.pandasecurity.com/homeusers/media/press-releases/viewnews?noticia=9455). That's why we are giving you the chance to buy any product from our 2009 consumer lineup with a 30% discount! To get your discount, just click this link: https://shop.pandasecurity.com/cgi-bin/pp/ml=EN?page=homeuser&track=88967&coupon=OXYPCTB30

For more information about this malware strain, go to the PandaLabs blog: http://pandalabs.pandasecurity.com/archive/Fake-Email-of-the-Federal-Police-of-Brazil-_2800_-Computer-crimes-investigation-unit-_2900_.aspx

You can receive the Panda Security news automatically by adding this URL (http://feeds.feedburner.com/PandaSecurity) to your feed reader.

For up-to-date computer security news go to the Panda Security Twitter.