|
SMAR TECHNOLOGY ALERT
The Conficker worm is thought by many to be prepared to strike April 1, 2009. Much media attention has been given to the threat. Unfortunately, some of it has also been misleading. The number one priority for SMAR Members is to take steps to ensure they are not infected and do not become a source of infection for others. Here are some basic steps to take to make Conficker less of a threat:
1) Keep your Windows XP or Windows Vista PC's updated with the latest Microsoft Updates and patches. Several MS patches address vulnerabilities exploited by versions of Conficker. Please note anyone running a version of MS XP prior to Service Pack 2 IS NOT PROTECTED. You must upgrade at least to XP SP2 to get the patches. Specifically, get the MS08-067 patch.
2) Ensure your Commercial Antivirus subscription is current and your files are updated. The major providers of antivirus software have already addressed Conficker detection and removal. Remember you must maintain a paid subscription with most vendors in order to receive the most up-to-date protection. Expired subscriptions will not protect you. Conficker has variants dating back to 2008 and has been updated periodically to defeat countermeasures put in place since then. Whoever is controlling this worm is aggressively working to keep it a viable threat.
3) Scan USB devices, including thumb drives and external drives as part of your antivirus efforts. Conficker has a variant that targets these drives for infection using the Windows Autorun feature.
4) Download and run the McAfee Stinger tool that targets Conficker infections. A copy may be found here. Bit Defender, Microsoft, Symantec, F-Secure, McAfee, and Kaspersky Labs, are among the major vendors with free removal and detection tools available.
5) Use removal and detection tools from reliable, trusted sources. Spyware vendors will try to fool you with sound-alike names and false software designed to steal your money. The free Stinger tool mentioned above will be enough to remove this particular infection. It is not a continuous protection, nor does it search for other Trojans and Viruses that threaten PCs.
The Conficker worm uses a combination of techniques both to infect and to avoid detection. It can randomly name itself for each infection and uses strong encryption to prevent its payload of stolen data from being hijacked.
The worm possesses several attacks to open doors on infected computers to make them even more vulnerable or to put them under the control of others. It appears to be building the capability to transfer large volumes of highly encrypted data across infected domains using millions of infected machines simultaneously. But it may also wipe hard drives, engage in denial of service attacks against websites, spawn thousands of false domains, attempt to overload networks with useless web traffic, steal sensitive data, lock users out of accounts, and rapidly propagate to other computers.
Some reports indicate it may not become fully active April 1, but will still remain a threat because it appears to be awaiting additional code to complete its mission(s). SMAR technology is of the opinion that the worm will attempt a major expansion of its infection techniques April 1, rather than reveal the full range of its potential for damage, but that is not an excuse to do nothing. This is potentially a very serious threat because nobody can be sure what instructions Conficker will receive should its authors choose to activate it. Don't dismiss it.
|
