ICASI is releasing this alert to provide clarity and guidance on issues that have been raised regarding the change to Conficker malware. This alert provides a consolidated view and information from ICASI member companies.

The Conficker worm has grown to be a large active botnet. At this time Conficker affects a variety of Windows operating system platforms, including Windows 2000, XP, Vista, and Server 2003. While systems which did not apply the Microsoft update MS08-067 were initially compromised through this vulnerability, the majority of current infections are occurring via open fileshares, weak passwords, shared USB devices, and social engineering efforts that trick users into installing this malicious code.