http://www.malware.com.br/conficker.shtml

Malware Block Lists to block Conficker updates and worm installation are available for non-commercial use in following formats, Add to Hosts file.
and Firewall Mac so on.

http://www.symantec.com/connect/blogs/downadup-geo-location-fingerprinting-and-piracy

Top 10 countries ranked by W32.Downadup infections

http://arstechnica.com/old/content/2008/01/bsa-piracy-economic-impact-is-tens-of-billions-of-dollars.ars

BSA: Piracy economic impact is tens of billions of dollars

http://www.computerworld.com/s/article/9140171/After_one_year_Conficker_infects_7M_computers?taxonomyId=17

After one year, Conficker infects 7M computers

The worm is very common in, for instance, China and Brazil. Members of the Conficker Working Group, an industry coalition set up last year to deal with the worm, suspect that many of the infected PCs are running bootlegged copies of Microsoft Windows, and are therefore unable to download the patches or Microsoft's Malicious Software Removal Tool, which could remove the infection.

http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionTracking

http://www.theregister.co.uk/2009/10/27/mass_website_compromises_spike/

An estimated 5.8 million pages belonging to 640,000 websites were infected with code designed to launch malware attacks on visitors.

Sorry, Dragon, I was probably just impercise in my language. I meant that I used the suggestion in that article, not that I thought that you had done that. Thanks a lot, though, for all the good detail on the test method. Been wanting to test. Maybe I'll try that to test both fixes.

Watcher,

I DID NOT apply the WindowsSecrets registry solution. I followed Microsoft's "corrected" Group Policy procedure which did as much as can be done. I sent the link to WindowsSecrets and the description to Microsoft. I am reluctant to apply anything from an unknown third-party that requires modification to the registry! I did use their information to prove my point to Microsoft. That's where I learned to play with autorun.inf.

You can test your "fix" by simply putting in any install CD and look to see if the icon for your cd drive changes. Something safe (such as a Everett Kaser Software CD) should be used. Everett's autorun.inf is 3 lines - The Autorun tag, Icon= and Open=. The Icon= does work, the Open= does not (assuming Group Policy procedure followed). I am curious to have anybody who DID follow WindowsSecrets procedure post to say Simon at Microsoft was right.

Thanks a lot, DragonLair. I, too, applied that WindowsSecrits fix. Now I know I'll need to look at my policies.

hotdoge3,

Based on your link and others in this thread, I have done some experimentation with the autorun situation and I have been working with Microsoft.

Microsoft's Group Policy procedure does block the major commands in the autorun.inf, especially the "dangerous ones" like Open and Shell. However, it DOES NOT block the execution of the autorun.inf file entirely. The Icon and Label commands (at least) still work.

I gave the tech I was working with (2nd level support - after proof that it did get into the file) the link to the windowssecrets page. According to the last message I have received, that doesn't block the autorun.inf completely either!

The current state is the ability to block the dangerous commands but Label and Icon (at lease) still execute. Icon is a potential problem but is not known to be a problem for sure. Microsoft is now working on "the rest of the story".

You should be safe if you use the Group Policy procedure. Just don't be shocked if the icon still changes and the volume label changes.

Diane

http://windowssecrets.com/2007/11/08/02-One-quick-trick-prevents-AutoRun-attacks

http://www.giveawayoftheday.com/usb-threat-defender/

http://www.askwoody.com/
“…. Hold down the Shift key when you put anything into your computer. …”

http://arstechnica.com/security/news/2009/03/confickerc-primed-for-april-fools-activation.ars

Centralized information about the 'conficker' worm and its varients courtesy of the Microsoft Malware Protection Center. Your all-in-one stop for what it is, what it does, do I have it, how to get rid of it, all that good stuff can be found at:

http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx

Thanks for the Alert Hotdoge3

regards

Whiterabbit

http://www.us-cert.gov/cas/techalerts/TA09-020A.html

Technical Cyber Security Alert TA09-020A archive
Microsoft Windows Does Not Disable AutoRun Properly

http://www.smh.com.au/news/security/conficker-worm-hits-millions/2009/01/21/1232471371778.html?sssdmh=dm16.356632

http://www.smh.com.au/news/technology/security/worm-hits-nz-government-computers/2009/01/21/1232471359300.html

http://support.microsoft.com/kb/953252 ** How to correct "disable Autorun registry key" enforcement in Windows

http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10553503

Mystery virus hits 15 million PCs around the world

http://www.nzherald.co.nz/compute/news/article.cfm?c_id=1501832&objectid=10553191

http://www.smh.com.au/technology/security/

http://www.smh.com.au/news/technology/security/worm-hits-nz-government-computers/2009/01/21/1232471359300.html

The ministry was infected by a worm known as "W32.Downadup" or "Conficker" which hit early in January, infecting over 2000 ministry PCs and its mainframe computers.