March 31, 2009

What's a Conficker?

What is the Conficker Worm?

Conficker (also known as Downup, Downadup, and Kido) is a worm that has been spreading across the Internet since around October of 2008; that date is only an approximation, and its actual origin is not known for certain. Conficker specifically targets the Windows operating system (Windows 2000 Pro, XP Home, XP Pro, XP Media Center Edition, Windows Vista, Windows Server 2003, and Windows Server 2008). It spreads via malicious web sites, emails, and infected files shared via P2P software.

What does Conficker do?

As of now, all that it has done is install itself, break your antivirus software, and modify some system files to make itself very hard to remove. It is also likely that if you got the Conficker worm, you got other malware as well, and that other malware is what causes the common symptoms (pop-ups, slowness, etc.). In addition, it creates false URLs in order to spread itself, and it also downloads more malware to your system.

The big concern with this worm is how far it has spread. Current estimates indicate that it could be installed on as many as 15 million computers worldwide. Now, if it stays dormant and does nothing, that's not that big of a deal, but experts don't think that it is going to stay dormant. Analysts who have looked into the worm believe that on April 1st, 2009 (tomorrow) the worm is programmed to "phone home" and update itself with new instructions, and that is a major concern.

The potential for a worm like this is massive. The update could make the worm do anything from deleting files or downloading more malware, to turning your computer into a spam bot (a computer that sends out massive amounts of spam), to combining all of the infected computers into a massive botnet that would be leased to the highest bidder.

A botnet is a network of computers, usually lots of home systems spread across the world, that are controlled as a single unit and used either to send out massive amounts of spam or to DDoS targets. If used as a botnet and the target is a bank, a utility company, or even a few large organizations, the results could be crippling. If they target ISPs, the Internet could come to a crawl; if they target a company, it could lose massive amounts of business.

The problem is, at this point, we don't really know what will happen, and that is scary. But not to worry, we are not helpless.

Symptoms of Conficker:

  • Users being locked out of directories
  • Access to admin shares denied
  • Scheduled tasks being created
  • Access to security-related web sites is blocked
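The symptoms above are things an administrator can check for without waiting for an antivirus signature. The script below is an added example written for this post, not code from the original article or from any vendor's removal tool. It reads the symptom list back as four read-only checks: whether a few security vendor host names resolve (the host list is an assumption), whether the local admin shares are reachable, whether the update and protection services are still enabled (the service names wuauserv, BITS and WinDefend are the standard Windows ones and an assumed watch-list), and what scheduled tasks exist so unfamiliar entries stand out. It assumes Windows PowerShell 5 or later run from an elevated prompt.

```powershell
# Added example: read-only checks for the symptom list above.
# Not from the original post; host list and service watch-list are assumptions.

function Test-SecuritySiteResolution {
    # Symptom: access to security-related web sites is blocked.
    # Tries name resolution for a few vendor hosts (assumed list).
    param(
        [string[]]$Hosts = @('update.microsoft.com', 'www.symantec.com',
                             'www.mcafee.com', 'www.trendmicro.com')
    )
    foreach ($h in $Hosts) {
        try {
            $null = [System.Net.Dns]::GetHostAddresses($h)
            [pscustomobject]@{ Check = 'DNS'; Item = $h; Ok = $true }
        } catch {
            [pscustomobject]@{ Check = 'DNS'; Item = $h; Ok = $false }
        }
    }
}

function Test-AdminShareAccess {
    # Symptom: access to admin shares denied. Tests the local ADMIN$ and C$ shares.
    foreach ($share in 'ADMIN$', 'C$') {
        $path = "\\$env:COMPUTERNAME\$share"
        [pscustomobject]@{ Check = 'Share'; Item = $path; Ok = (Test-Path -Path $path) }
    }
}

function Test-ProtectionServices {
    # Symptom: the post says the worm breaks antivirus and the update steps below
    # rely on Windows Update. Assumed watch-list of service names.
    foreach ($name in 'wuauserv', 'BITS', 'WinDefend') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check = 'Service'
            Item  = $name
            Ok    = ($null -ne $svc -and $svc.StartType -ne 'Disabled')
        }
    }
}

function Get-ScheduledTaskSummary {
    # Symptom: scheduled tasks being created. Lists every task so the
    # administrator can look for entries nobody on the machine created.
    # schtasks repeats its CSV header per task folder, so drop those rows.
    schtasks /query /fo CSV /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' } |
        Select-Object TaskName, 'Task To Run', 'Schedule Type', 'Next Run Time'
}

function Invoke-ConfickerSymptomCheck {
    $results = @(Test-SecuritySiteResolution) +
               @(Test-AdminShareAccess) +
               @(Test-ProtectionServices)
    $results | Format-Table -AutoSize | Out-Host

    $failed = @($results | Where-Object { -not $_.Ok })
    if ($failed.Count -gt 0) {
        Write-Warning "$($failed.Count) check(s) failed; compare with the symptom list and run a full scan."
    }

    Write-Host "Scheduled tasks present on this machine:"
    Get-ScheduledTaskSummary | Format-Table -AutoSize | Out-Host
}

Invoke-ConfickerSymptomCheck
```

A failed check is a symptom, not a diagnosis: a home router that blocks DNS, a deliberately disabled Defender service, or a locked-down share policy will fail the same checks. Treat a failure as a reason to go through the update and scan steps below, and treat an unfamiliar scheduled task as something to look up before deleting.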

How to stop Conficker:

This worm uses a known exploit in Windows that Microsoft patched a long time ago. The problem is that many people don't update their computers, so the fix is never installed. So the first step is to update your computer.

  1. Go to update.microsoft.com and install all of the latest updates for your computer. Once they are installed, reboot your computer, and go back and run the updates again. Keep doing this until no more updates show as needing to be installed.
  2. Update your antivirus software. Open up the software and run the automatic update. If your subscription has expired, either renew it right now, or uninstall it and download and install a free antivirus like AVG.
  3. After the updates, run a full system scan, and delete any threats that have been found.
  4. Restart your computer, and run the full system scan again.
  5. You can also use an online scanner like Trend Micro's HouseCall, Symantec's Removal Tool, or Microsoft's Malicious Software Removal Tool.

For more information about the Conficker worm, see the following:

Microsoft Malware Protection Center

Microsoft Help and Support

McAfee Conficker Information Page

Symantec's Conficker Information Page
