Conficker (a.k.a. Downadup) is a virulent worm best known for infecting Windows XP and Vista desktop PCs, but it is also attacking production corporate servers, including virtual machines in the virtualized data center.
How does it work?
Once a single server is infected, Conficker can wreak havoc by using that machine as a launch pad to scan and attack other vulnerable targets on both the physical and virtual networks.
Should I be worried?
The virtualized data center presents an especially fertile habitat for Conficker because of the lack of visibility and control present within the virtualized environment. Communication between VMs on an ESX server doesn't touch the physical network – making it invisible to traditional network monitoring tools and unprotected by physical network security devices. As a result, it is very easy for worms like Conficker to spread quickly in this environment.
How can I prevent it?
One solution to this problem is the installation of a virtual firewall. In a similar way to how their physical world counterparts work, virtual firewalls prevent unauthorized access to the virtual machines that they are protecting; they bring back the visibility and control that was lost in moving to the virtual environment, and most importantly, virtual firewalls provide "Day 0" protection from malware like Conficker.
From the - March 2009 Issue of SCMagazine »