Conficker (also known as Downadup, Downup and Kido) is a computer worm that targets all major Windows operating systems. The first variant of Conficker, discovered in early November 2008, propagated through the Internet by exploiting a vulnerability in a network service (MS08-067) on all versions of Windows. A second variant of the virus, discovered in December 2008, added the ability to propagate over LANs through removable media and network shares. The known symptoms of the virus include large numbers of invalid logos and account lockouts, “The page cannot be displayed” message in web-browser and a few more.
Because this worm tries to log in to network shares with weak administrator passwords (a dictionary-based, brute-force attack) to gain control over systems, one result is a large number of account lockouts. The freeware Netwrix Account Lockout Examiner tool detects and alerts on lockouts in real time and identifies which computers they are coming from, helping you identify the presence of the worm and mitigate its impact.
Netwrix Account Lockout Examiner helps you respond effectively to some of the consequences of Conficker/Downadup propagation. The product tracks all account lockouts in real time so you can quickly identify infected machines, install required hotfixes, unlock accounts in bulk and launch a conficker removal tool. This freeware tool also helps you identify the root cause of each account lockout so that you can separate worm-related lockouts from "normal" account lockouts caused by issues such as improperly mapped network drives, services and scheduled tasks using stale credentials, and so on.