Businesses, schools and personal home computer users running Windows operating systems, and even Macs, need to pay attention to software updates and patches. Proof of that statement is found in the timely computer virus or worm that promises to compromise and break computer systems.
Conficker is a computer worm receiving a lot of media coverage due to its trigger date of April 1, 2009. The worm surfaced in October 2008 and targets Microsoft Windows computers. The worm exploits a previously patched vulnerability in the Windows software used by all version of the Windows OS since Windows 2000, including XP, Vista, Server 2003, Server 2008 and Windows 7 beta.
The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques. Three main variants of the Conficker worm are known and have been dubbed Conficker A, B and C. They were discovered November 21, December 29 and March 4, respectively.
How conficker works to infect computers. Click on the picture for a larger size.
Specific information can be found in the Conficker Wikipedia article on the Internet. The variants each have specific attack patterns including acting as a server service called svchost.exe, remotely executing itself through the ADMIN$ share, and attaching itself to removable media like USB flash drives.
Variant A generates domain names and attempts an HTTP connection to find way to distribute its executable payloads. Variant C is the nasty version which executes on April 1 and sidesteps countermeasures to build daily lists of 50000 domains and attack machines across 110 top level Internet domains.
This worm can reset System Restore point and disable services that would normally allow for the recovery of your system without a reinstallation of Windows. Windows Security Center, Defender and Error Reporting can all be disabled.
Symptoms might include antivirus websites becoming inaccessible, large amounts of local network traffic and slow domain controllers. The number of PCs likely to be affected range from 9 to 15 million and this is the worst infection since 2003′s Slammer outbreak.
To prevent your business, education and personal computers from being a target or spreading the infection on a network, make sure that you complete Microsoft updates including the security patch MS08-067. Make sure that you have the latest service pack for your operating system: SP3 for Windows XP and SP4 for Windows 2000 and SP1 for Vista. Do all other critical updates today or ASAP.
Make sure your anti-virus and security software is up-to-date and running on your computer. Disable AutoRun on your computer.
If you have doubts about Conficker, give ArrowQuick Solutions a call at 641-673-4109.
Subscribe via RSS