-
April 1 is Here; Where's Conficker?
Techtree News Staff, Apr 01, 2009 1603 hrs ISTHere is what the experts have to say
Has the Conficker virus turned out to be an anticipated April fool's day prank after all?
As the April fool's day eve has gone by, there aren't any reports of any malicious action having taken place. However, experts are saying that it may not be the time yet to lay back and relax.
Anyway, if most of you have updated your anti-virus software, there isn't much to be worried about.
So, how does one know if they are affected?
"One of the symptoms of this worm is that it blocks access to Web sites of Internet security companies," says Dave Marcus, of McAfee Avert Labs.
Microsoft Efforts
On Feb. 12, Microsoft announced the formation of a collaboration called Conficker Cabal, to combat the effects of Conficker. Organizations involved in this collaborative effort include Microsoft, Afilias, ICANN, Neustar, Verisign, CNNIC, Public Internet Registry, Global Domains International, M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, The Shadowserver Foundation, Arbor Networks, and Support Intelligence.
Further information regarding how to protect one from it and about removal can be found at the following Conficker Cabal site.
CXOToday outlines five steps that users need to follow to prevent themselves from getting infected.
History
The infamous Conficker worm and its variants have infected nearly 15 million PCs globally till date. The worm is programmed to update itself from domains it randomly generates. For the latest version -- Conficker C, this amounts to nearly 50,000 domains a day. The virus author needs to only use one of these domains to host the update, thus making tracking nearly impossible.
Meanwhile, the Microsoft's $250,000 bounty to trace the author/s of the Conficker worm has not yielded any result so far.
The Conficker worm first surfaced in October 2008. In January, infections had crossed nine million PCs globally. Currently, the worm is found in three variants dubbed - A, B, and C.
The worm typically disables system services such as Windows defender, automatic update, security center, and error reporting. It also allows installation of additional malware on the infected PCs. Further, if your OC is infected, it could block all sites that provide access to anti-virus tools.
"It may be downloaded unknowingly by a user when visiting malicious websites. Once installed in the system, it drops a copy set to allow restricted access with 'file execute' for users. This worm can terminate processes that contain certain strings, running in memory that relates to antivirus programs," said Amit Nath, country manager (India & SAARC) at Trend Micro. Due to this process, it avoids early detection and consequent removal.
What now?
Hoax or not, security experts insist that you keep your anti-virus software updated. Have any of you been affected by Conficker?
As the April fool's day eve has gone by, there aren't any reports of any malicious action having taken place. However, experts are saying that it may not be the time yet to lay back and relax.
Anyway, if most of you have updated your anti-virus software, there isn't much to be worried about.
So, how does one know if they are affected?
"One of the symptoms of this worm is that it blocks access to Web sites of Internet security companies," says Dave Marcus, of McAfee Avert Labs.
Microsoft Efforts
On Feb. 12, Microsoft announced the formation of a collaboration called Conficker Cabal, to combat the effects of Conficker. Organizations involved in this collaborative effort include Microsoft, Afilias, ICANN, Neustar, Verisign, CNNIC, Public Internet Registry, Global Domains International, M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, The Shadowserver Foundation, Arbor Networks, and Support Intelligence.
Further information regarding how to protect one from it and about removal can be found at the following Conficker Cabal site.
CXOToday outlines five steps that users need to follow to prevent themselves from getting infected.
- Buy a genuine copy of Microsoft Windows so that you get access to automatic updates from the Microsoft website. A point worth noting here is that Microsoft had already issued a patch (MS08-067) to fix the vulnerability before the virus was created. This clearly shows that ignorant users are clearly at fault as well for getting infected by this worm.
- Configure your systems to check for updates automatically. Download and apply the updates and patches immediately after they are released. It is fruitless if you just download an update and do not apply it.
- Although CXOToday does not endorse piracy but the fact is that there are lots of users who run a pirated version of Windows. For them, they should manually download the updates from Microsoft's website. They are at a greater risk as they have to keep an eye on what vulnerabilities and patches are available and when they are launched in order to keep their system up-to-date.
- Invest in a good antivirus software. This will not only prevent such worms from infecting your computers but they will prevent other malware from infecting your computers as well. Note: An antivirus is only as effective as its virus signature database. There is NO point in keeping an antivirus and NOT updating its virus definitions. This is the most common mistake that users make.
History
The infamous Conficker worm and its variants have infected nearly 15 million PCs globally till date. The worm is programmed to update itself from domains it randomly generates. For the latest version -- Conficker C, this amounts to nearly 50,000 domains a day. The virus author needs to only use one of these domains to host the update, thus making tracking nearly impossible.
Meanwhile, the Microsoft's $250,000 bounty to trace the author/s of the Conficker worm has not yielded any result so far.
The Conficker worm first surfaced in October 2008. In January, infections had crossed nine million PCs globally. Currently, the worm is found in three variants dubbed - A, B, and C.
The worm typically disables system services such as Windows defender, automatic update, security center, and error reporting. It also allows installation of additional malware on the infected PCs. Further, if your OC is infected, it could block all sites that provide access to anti-virus tools.
"It may be downloaded unknowingly by a user when visiting malicious websites. Once installed in the system, it drops a copy set to allow restricted access with 'file execute' for users. This worm can terminate processes that contain certain strings, running in memory that relates to antivirus programs," said Amit Nath, country manager (India & SAARC) at Trend Micro. Due to this process, it avoids early detection and consequent removal.
What now?
Hoax or not, security experts insist that you keep your anti-virus software updated. Have any of you been affected by Conficker?
Related Links
Discussion Board
Avinash Sawant
,Mumbai, on Apr 03, 2009 11:19 AM
Report abuse
A person
,Canada, on Apr 02, 2009 06:56 PM
Conficker
,Russia, on Apr 02, 2009 06:12 PM
god
,heaven, on Apr 02, 2009 04:09 PM
Martino Jones
,Ypsilanti Twp., on Apr 02, 2009 01:58 AM
person who made
,CONCORD, on Apr 02, 2009 01:26 AM
person who made
,CONCORD, on Apr 02, 2009 01:21 AM
none of your bu
,a, on Apr 01, 2009 11:55 PM
Mahx
,Farmer City, on Apr 01, 2009 10:39 PM
robert
,Hamilton,on, on Apr 01, 2009 08:30 PM
R.Franck
,Penticton, on Apr 01, 2009 09:27 PM
Jack L
,Seattle, Washington, on Apr 01, 2009 07:17 PM
Amanda
,Spring Hill, on Apr 01, 2009 06:50 PM
Anonymous
,Lemas, on Apr 01, 2009 05:52 PM
Digital Jedi
,Hickory, on Apr 01, 2009 06:39 PM
the april fool
,townsville, on Apr 01, 2009 06:24 PM
