A Conficker Worm Diagnosis

Federal agencies worried that they might be infected with the dreaded computer worm "Conficker," which has infected more than 10 million computers worldwide, now have a tool to find out.

The Homeland Security Department released a detection tool on Monday that agencies and businesses can use to scan their networks for the Conficker/Downadup computer worm, which has security experts baffled. The CBS news show 60 Minutes reported on the worm Sunday evening. Apparently, the worm -- which DHS said can infect Microsoft Windows systems from thumb drives, network share drives, or directly across a corporate network if network servers are not protected with the latest patches -- has yet to be triggered by its creators, and is instead just residing on computers awaiting further instructions.

What could happen? As one giant botnet made up of millions of zombie computers, Conficker has the potential to launch a massive spam attack that would bring network functions to a screeching halt, or even exploit network vulnerabilities to steal sensitive information. No one is completely sure what will happen, but experts guess the worm will be triggered at midnight on April 1.

The DHS U.S. Computer Emergency Readiness Team developed the detection tool, which allows organizations to detect if their networks are infected. The tool was made available to federal and state partners via the online Government Forum of Incident Response and Security Teams Portal, and to private sector partners through the IT and Communications sector Information Sharing and Analysis Centers. DHS will offer the tool to other partners in the coming days, though the agency didn't specify which.

US-CERT Director Mischel Kwon had this to say about the tool:

"While tools have existed for individual users, this is the only free tool -- and the most comprehensive one -- available for enterprises like federal and state government and private sector networks to determine the extent to which their systems are infected by this worm. Our experts at US-CERT are working around the clock to increase our capabilities to address the cyber risk to our nation's critical networks and systems, both from this threat and all others."

US-CERT recommends that Windows Operating Systems users apply Microsoft security patch MS08-067, disable AutoRun functionality that automatically downloads programs when they're detected by the operating system.

A number of security vendors offer their information, support and their own free tools that can detect and remove the worm, including Symantec, Microsoft and McAffee.