Written by Sandy Berger
Conficker, also known as Downadup, is a computer worm that spreads in 3 different ways:
1. Conficker's main attack mechanism is that it spreads over the Internet by taking advantage of a hole in the Windows operating system. Microsoft released a patch for this vulnerability in October 2008. Conficker appeared shortly after that, quickly infecting millions of computers. The patch was released before the virus, so anyone doing regular Windows updates will not have the vulnerability. All the major antivirus programs, including the free versions of AVG and Avast, will currently detect all versions of the Conficker worm. Computers that do not receive the regular Windows updates are very susceptible to Conficker. It is estimated that more than 30% of the Windows computers in the world are running bogus versions of Microsoft Windows that cannot receive the proper updates because they are unregistered copies. So you can see why Conficker has spread so quickly.
2. Conficker also spreads by removable USB devices. Although there have been viruses spread from digital picture frames and other devices, Conficker is the first major virus to take advantage of this transmission method. It uses the AutoPlay pop-up that appears when you plug in a USB device to trick you into installing the virus. Woody Leonhard gives an excellent explanation of how this works in his Windows Secrets article entitled: Keep the latest worm infestation off your PC.
Although Woody suggests turning off AutoPlay, I feel that most everyday home users find it a useful tool. Also, the only way to completely shut down AutoPlay is to edit the Registry. This is a dangerous proposal for most PC users, so I will suggest that instead, you use your antivirus software to scan any removable device that you attach to your computer. Most antivirus software programs can be set to do this for you automatically. If you don't know how to set this up, check with your antivirus provider. I have instructions for turning on automatic scanning of removable devices with AVG. Follow these instructions if you use AVG. If not, check out these instructions and adapt them to your own antivirus program.
3. Conficker is also smart enough to gain access to networks by using automated methods of guessing network passwords. This is how many networks are being infiltrated. Weak passwords that are a combination of names and/or words allow Conficker entry to the network, where it can then spread through shared folders. This is a wake-up call for everyone to use more complex passwords. This password guessing is probably how Conficker attacked the CBS television computer network. This infection was disclosed on CBS's recent 60 Minutes program. If you didn't see the program, read my assessment of the 60 Minutes Conficker coverage. I'll give you a hint. I thought it was atrocious.
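Passwords of the kind item 3 describes, built from names and/or words, can be screened out when a password is chosen. The Python check below is an added example, not part of the original article; the small wordlist, the substitution table and the function name `is_guessable` are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption): a real audit would load a large
# list of common words, given names and organisation-specific terms.
WORDLIST = {"admin", "password", "summer", "winter", "server", "backup",
            "john", "sandy", "mike", "office", "letmein", "love", "home"}

# Common character substitutions that automated guessing undoes for free.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _splits_into_words(text, words):
    """Word-break DP: True if text is a concatenation of one or more words."""
    if not text:
        return False
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if reachable[start] and text[start:end] in words:
                reachable[end] = True
                break
    return reachable[-1]


def is_guessable(password, words=WORDLIST):
    """Return a reason string if the password is names/words in disguise, else None."""
    lowered = password.lower()
    # Drop the digits and symbols people append or prepend ("2009", "1!").
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    if not core:
        return "contains only digits or symbols"
    for base in (lowered, core):
        variants = (base,                         # as typed
                    base.translate(LEET),         # substitutions undone
                    re.sub(r"[^a-z]", "", base))  # separators and digits removed
        for variant in variants:
            if _splits_into_words(variant, words):
                return f"built from dictionary names/words: {variant}"
    return None


if __name__ == "__main__":
    for pw in ("Sandy2009", "P@ssw0rd1!", "summer!john", "T7#kq9!vLx2m"):
        print(f"{pw!r}: {is_guessable(pw) or 'not matched by this wordlist'}")
```

A password that passes this check is only known not to match this wordlist; it says nothing about length or reuse.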
The Conficker worm is very smartly written. There are already 3 versions, each one smarter than the previous one. Each version is set to call the virus creator for instructions on certain dates. The next such date is April 1, 2009, when the millions of infected computers will get their next marching orders. They might be instructed to simply call again later, to mount an attack against a certain computer network, like a governmental entity, or to transmit passwords and/or financial or other personal information from the infected computers.
No matter how malicious or benign this virus turns out to be, you will want to make sure that your computer is fully protected.
How to Tell if You Are Infected
What to Do If You Are Infected