Tuesday, March 31, 2009

Conficker worm might hold April Fools' surprises



By DWIGHT SILVERMAN
Copyright 2009 Houston Chronicle
March 30, 2009, 11:37PM

There’s no question that Conficker, aka Downadup, is a nasty piece of work. As a computer worm, it’s insidiously crafted to take control of an infected Windows PC, disable anti-malware protection and potentially communicate with more than 50,000 automatically created Internet domains.
But what’s unknown is what Conficker is designed to do. Wednesday — April Fools’ Day — this powerful, sophisticated and possibly dangerous program is expected to reach out to hundreds of Internet domains to receive new instructions. No one quite knows what, if anything, will happen once it does.

There are three variants of Conficker. Each is more advanced than the last, and the latest one, Conficker.C, is the one that worries security researchers most. It is designed to evade the tactics they’d been employing to prevent the earlier versions from becoming a threat.

Worm widespread

Estimates of the number of computers infected with Conficker vary greatly, from a few million to nearly 10 million. As a group, the infected PCs can work cooperatively in what’s known as a botnet.
Botnets are how the cyberscum who develop viruses, Trojans and worms make money, renting their armies of infected systems to spammers and scammers. Most botnets — and there are some that are bigger than Conficker — are used to steal private information or blast spam e-mail and more malware across the Internet. They also can be used to flood Web sites with data, making them inaccessible, in what’s called a Denial of Service attack.

Conficker’s PCs could be told to do any of that and more … or, nothing at all.
Conficker takes advantage of a flaw in all modern versions of Windows that Microsoft fixed with an emergency patch in October. If you have Windows set to automatically download and install updates — and if you are running effective, up-to-date anti-malware software — then you should be protected and don’t have much to worry about. If, however, you’re one of those obstinate folks who mistakenly think Microsoft’s updates do more harm than good, you may be about to find out otherwise.
Also at risk are businesses that take their sweet time testing patches before applying them across networks and who may not yet have installed the October fix.
Conficker can spread in a variety of ways, including infected USB flash drives and across Windows shared drives and folders. Using strong passwords and not sharing whole drives on a network can help prevent infections.

What to look for
How do you know if your PC is infected with Conficker? You may not see any outward signs, because the worm tries to keep a low profile. But here are some basics to watch for:
• Windows’ account lockout policies are tripped, which might make it difficult to log into your PC.
• Some key parts of Windows are disabled, such as Automatic Updates; the Background Intelligent Transfer Service, or BITS; Windows Defender; and Error Reporting.
• Domain controllers take a long time to respond, which results in slow network access and Internet surfing.
• Your home or business network is congested with a lot more traffic than usual.
• You’re unable to access certain Web sites related to computer security.
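
The second item on this list can be checked directly on a PC. The PowerShell below is an added example, not part of the original article; the service short names (wuauserv, BITS, WinDefend, ERSvc, WerSvc) and the helper name Get-ListedServiceStatus are assumptions, since the article names the components but not their service names.

```powershell
# Added example, not from the article. The article names the components;
# the service short names below are assumed mappings to those components.
$ListedServices = [ordered]@{
    wuauserv  = 'Automatic Updates'
    BITS      = 'Background Intelligent Transfer Service'
    WinDefend = 'Windows Defender'
    ERSvc     = 'Error Reporting (Windows XP / Server 2003)'
    WerSvc    = 'Error Reporting (Windows Vista and later)'
}

function Get-ListedServiceStatus {
    # Hypothetical helper: returns one result object per listed service.
    param([System.Collections.IDictionary]$Services = $ListedServices)

    foreach ($name in $Services.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue

        if (-not $svc) {
            # Not every Windows version ships every service (ERSvc vs. WerSvc),
            # so absence alone is not treated as a finding.
            $mode = 'NotInstalled'; $state = 'n/a'; $flag = $false
        } else {
            $mode  = $svc.StartMode   # Auto, Manual or Disabled
            $state = $svc.State       # Running, Stopped, ...
            # BITS and error reporting are often stopped when idle, so only a
            # Disabled start mode is flagged for follow-up.
            $flag  = ($mode -eq 'Disabled')
        }

        [pscustomobject]@{
            Component = $Services[$name]
            Service   = $name
            StartMode = $mode
            State     = $state
            Review    = $flag
        }
    }
}

Get-ListedServiceStatus | Format-Table -AutoSize
```

A Review value of True means the service is set to Disabled, which an administrator or another security product may also have done on purpose; treat it as a reason to scan the machine, not as proof of infection.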

All the top anti-malware programs will recognize and can remove Conficker. However, if you’re not protected and you think you are infected, visit the SANS Internet Storm Center at http://isc.sans.org/diary.html?storyid=5860, which has a detailed and frequently updated list of removal tools and instructions, updates about eradication efforts and general information about the worm.

Again, if you’re patched and practice safe computing, you should be fine. If you’re not and you don’t ... well, it’s time to get your house in order.
You don’t want to be the butt of Conficker’s April Fools’ joke, whatever it might be.
