
Conficker Worm: Is It Still Around?

Monday, June 1, 2009 14:11
Posted in category Computer Security


Extent of the Problem

The Conficker worm has been around since late last year, but it was not until early this year that most people had heard of it. The worm, which is also called the Downadup worm, takes advantage of a flaw in the Windows operating system. A recent article in CSO Online detailed Conficker and stated that it is still infecting Windows computers at a rate of about 50,000 new computers per day, which to me seems like a lot of computers. The number of infected computers is not the only reason to be concerned, however. Once a computer is infected, it can receive updates or downloads and install other malware or bad software. The infected computer can be remotely controlled and essentially becomes part of a botnet, which is a group of compromised computers that are under the common control of one person or group. The computers become “zombies” since they can be controlled remotely by others without the user’s knowledge. Currently, it appears that the botnet is not really being used for any specific purpose, but that could change at any time. I don’t know about you, but I would not want such a worm on my network or computer, and I surely don’t want someone to be able to remotely control my computer or steal information off my network.

How Does it Work?

According to a variety of sources, the worm can infect a computer in one of three ways. First, it attacks the vulnerability in the Microsoft Server Service. A patch for this vulnerability has been out since October of 2008. Secondly, it can attempt to guess or “brute force” the administrator password used by the computer and then spread through network shares. Lastly, the worm can also spread through removable devices, such as USB drives, with an auto-run file that executes as soon as the removable drive is connected to a computer. Once the Conficker worm has infected a computer, it turns off the Automatic Updates service, the Background Intelligent Transfer Service, the Security Center service, the Windows Defender service, and the error reporting services. Also, an infected computer on the network can usually spread the worm rapidly to other computers on the same network.

How to Stop Conficker

A couple of things can be done to prevent your Windows computer from getting infected.

  • The most crucial and obvious step is to make sure you have installed the MS08-067 Microsoft patch. Keeping your system up to date with security patches is a crucial step when protecting it from a security threat, including viruses.
  • Disable the auto-run feature for removable devices.  This can be done through the registry, but make sure you know what you are doing before making changes to your registry.
  • Update your anti-virus software.  Keeping your anti-virus software running the most current virus definitions helps prevent and/or remove such viruses or worms from your system.  Again, this is something that should be done to protect your system from a variety of worms and viruses.
  • If you are not good at updating your software, then look at configuring the automatic update feature in Windows.
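
The checks above, together with the list of services the worm turns off, can be gathered into one read-only audit. The script below is an added example, not code from the original post; the service short names, the `NoDriveTypeAutoRun` registry value and the KB number for MS08-067 (KB958644) are details the post does not give and are assumptions about the system being checked.

```powershell
# Added example: read-only audit of the items named in the post.
# Nothing here changes the system; it only reports what it finds.

$findings = @()

# Services the post says Conficker turns off (short names are not from the post).
# ERSvc exists on XP/2003 only; WerSvc is its replacement on Vista and later.
$services = 'wuauserv', 'BITS', 'wscsvc', 'WinDefend', 'ERSvc', 'WerSvc'
foreach ($name in $services) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) { continue }               # service not present on this OS
    # Several of these are demand-start and normally stopped, so only a
    # Disabled start mode is treated as a signal worth investigating.
    if ($svc.StartMode -eq 'Disabled') {
        $findings += "Service $name is disabled (state: $($svc.State))"
    }
}

# Auto-run policy: bit 0x04 covers removable drives, 0xFF covers all drive types.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($null -eq $val) {
    $findings += 'NoDriveTypeAutoRun is not set; auto-run policy is at the OS default'
} elseif (-not ($val -band 0x04)) {
    $findings += ('Auto-run is still allowed for removable drives (value 0x{0:X2})' -f $val)
}

# MS08-067 patch. Get-HotFix does not list fixes rolled into a later service
# pack, and Windows releases newer than the patch never list it, so a miss
# means "confirm manually", not "vulnerable".
if (-not (Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue)) {
    $findings += 'KB958644 (MS08-067) not listed by Get-HotFix; confirm patch level manually'
}

if ($findings.Count -eq 0) {
    'No findings.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

A disabled update or security service on a machine where nobody disabled it deliberately is the result to follow up on first, since that matches the behaviour described under "How Does it Work?".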

If you think you are already infected by Conficker, you can use one of a variety of free online tools that can help remove it. These include ones from F-Secure, Microsoft, ESET Online Scanner, TrendMicro, Webroot and McAfee. There are others out there, so don’t take this as an all-inclusive list. If you don’t have anti-virus software on your machine, then I would go to Free AVG or Avast. Both are good sources of free anti-virus software. Always remember, protecting your computer up front can save time and money later.
