Are You Ready for Conficker?
by Brian Bentzen
Conficker is a widely distributed worm, a type of computer virus, that came into being after Microsoft updated its software on October 23, 2008 to close a flaw that could be exploited to allow remote code execution. Because the flaw is in Windows, only PC users can be infected, and an estimated 10 million PCs are infected. Apple users are still safe. The worm takes advantage of people who weren’t timely in updating Windows, which leaves the security flaw in the Windows code open. This flaw allows the virus to remotely take over certain actions on your computer. CA says, “Win32/Conficker.C is a worm capable of blocking security related websites, terminating system security services and downloading component files using time-based generated URLs.” As a result, this worm leaves your system open to additional malware attacks, and it can be very difficult to remove. In its current form, it doesn’t seem to steal data or passwords, send spam, or attempt to overload websites, but it does have the capability to receive additional instructions. Additionally, it deletes restore points and blocks your ability to upgrade your security, leaving you more vulnerable to other malware.
The first version, Win32/Conficker.A, was reported to Microsoft on November 21, 2008. On December 29, 2008, Win32/Conficker.B was discovered. These versions of the virus exploit the previously mentioned security flaw. The program then downloads a version of itself that integrates the virus into the Windows startup files. Once it has infected your computer, it can infect removable drives, including USB flash drives, and it will attempt to hack your network administrator password. If you don’t have a password on your network, it will try to infect your network. It will also block your computer from downloading certain security upgrades in order to prevent its eradication. To prevent spread to your computer by removable media, you will need to disable autorun (Windows link).
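One way to check whether autorun is actually off on a Windows machine, as an added example that is not part of the original article. It assumes the setting is read with `reg query` from the Windows `NoDriveTypeAutoRun` policy value under `Policies\Explorer`; the sample outputs and the function names `parse_reg_query` and `audit` are constructed for illustration.

```python
import re

# Bits of the Windows NoDriveTypeAutoRun policy value. A SET bit disables
# AutoRun for that drive type; 0xFF disables it for every drive type.
DRIVE_TYPES = {
    0x04: "removable",
    0x08: "fixed disk",
    0x10: "network",
    0x20: "CD/DVD",
    0x40: "RAM disk",
}
ALL_OFF = 0xFF

VALUE_RE = re.compile(
    r"^\s*NoDriveTypeAutoRun\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$", re.MULTILINE)

# Constructed sample outputs of `reg query`, not captured from a real host.
SAMPLE_DEFAULT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""
SAMPLE_HARDENED = SAMPLE_DEFAULT.replace("0x91", "0xff")
SAMPLE_MISSING = ("ERROR: The system was unable to find the specified "
                  "registry key or value.")

def parse_reg_query(output):
    """Return the policy DWORD from `reg query` text, or None if absent."""
    match = VALUE_RE.search(output)
    return int(match.group(1), 16) if match else None

def audit(output):
    """Report which drive types still have AutoRun enabled by policy."""
    value = parse_reg_query(output)
    if value is None:
        # No policy value: nothing is enforced and the OS default applies,
        # so the per-type result is unknown and the host is flagged.
        return {"configured": False, "value": None,
                "enabled": None, "compliant": False}
    enabled = [name for bit, name in DRIVE_TYPES.items() if not (value & bit)]
    return {"configured": True, "value": value, "enabled": enabled,
            "compliant": (value & ALL_OFF) == ALL_OFF}

if __name__ == "__main__":
    for label, text in [("default", SAMPLE_DEFAULT),
                        ("hardened", SAMPLE_HARDENED),
                        ("missing", SAMPLE_MISSING)]:
        print(label, audit(text))
```

In the constructed `0x91` sample the removable-drive bit is clear, so USB flash drives would still autorun; only the `0xff` sample passes.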
The third version, Win32/Conficker.C, was reported to Microsoft on February 20, 2009. This version was developed in response to an attempt to shut down the random webpages that were being propagated by the virus. Rather than attempt to access 1 of 250 pages, the virus now attempts to access 1 of 50,000 pages. This increases the likelihood of the virus being able to receive the next update, which will occur on April 1, 2009.
I scanned my computer and was lucky enough not to be one of the millions of people at risk due to this worm. After seeing the 60 Minutes segment on Sunday night, I’m concerned that I could still be at risk. The larger the network, it seems, the greater the risk. Although my personal computer is safe, my information is stored by various corporations across the country and the world. My personal information could be accessed with a mere keystroke. So could yours. Luckily, the United States Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security, developed a tool that can detect and remove the virus. From this website you can access several tools that will help you to detect and remove the virus from your computer. Additionally, you can call 1-866-PCSAFETY to speak to Microsoft’s PC Safety Hotline. The Department of Homeland Security recommends you disable autorun (DHS link), install the critical security patch, keep up to date with Windows Update, anti-virus and anti-spyware, and enable a firewall.
With a little luck and a few days’ notice, our responsible corporate friends will largely eliminate this threat. Nonetheless, we are all still at risk from future attacks. I plan to follow the DHS advice. Watch the 60 Minutes piece and you may be surprised at how the authors of malicious software are treated around the world. Good luck!


