April Fools' Day might be all fun and games for some, but if you manage to fall prey to the Conficker worm, it's no laughing matter. As reported earlier this month by our very own Mark Soper, the third version of Conficker (Conficker.c) is set to wreak havoc tomorrow, April 1st. Here's what you need to know.
Conficker is one of the nastiest computer worms in recent history to go on the warpath against Windows-based PCs. First surfacing in October 2008, Conficker targets Windows 2000, XP, Vista, Server 2003, Server 2008, Server 2008 R2 Beta, and even Windows 7. To date, Conficker has infected over 9 million PCs, shut down French and British military assets, and prompted a $250,000 reward from Microsoft for information leading to the arrest and conviction of the worm's creators.
The first two versions of Conficker -- variants A and B -- exploit a vulnerability in the Server Service on Windows-based PCs to take advantage of an already-infected source computer. Once a PC is infected, the worm goes to work exploiting the network hole, cracking administrator passwords, preventing access to security websites and services for automatic updates, disabling backup services, erasing recently saved documents, and, among other things, leaving you vulnerable to other infected machines.
One of the scariest things about Conficker, including Conficker.c, is that its full potential isn't known. Come tomorrow, those infected might be prompted to buy fake software products, or it could start monitoring your keystrokes to lift sensitive information like banking passwords. Files could end up deleted, or it might transform your computer into a zombie PC while staying under the radar. Whatever it ends up doing, it won't be good, and you need to take proper precautions right now.
Once infected, Conficker seals up the hole it used to infiltrate your system preventing other malware from getting in. Because of this, it can be difficult for IT pros to tell which computers have been patched and which might have a fake Conficker patch. But according to the nonprofit Honeynet Project, Conficker.c's buggy code has made it somewhat easy to detect using a newly released proof-of-concept scanner.
"What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it's infected with Conficker, and it will tell you," Dan Kaminsky, director of penetration testing at IOActive who worked with The Honeynet Project, wrote on his blog. "We figured this out on Friday, and got code put together for Monday. It's been one heck of a weekend."
Other telltale signs that you might be infected with Conficker are if you haven't received any automatic updates from Windows in March, if you're unable to update your antivirus program, or if your security software has been running abnormally slowly of late. You can also try accessing major AV sites, as Conficker will attempt to block these.
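The "try accessing major AV sites" check above can be scripted. This is an added example, not code from the article or from any of the tools it mentions; the host lists, function names and verdict labels are assumptions chosen for illustration, and it assumes the blocking shows up as failed name lookups for security sites while other sites still resolve.

```python
import socket

# Assumed sample lists (not from the article): security vendor and update
# hosts to probe, plus unrelated control hosts that show whether name
# resolution works at all on this machine.
SECURITY_HOSTS = ["www.symantec.com", "www.mcafee.com",
                  "www.kaspersky.com", "update.microsoft.com"]
CONTROL_HOSTS = ["www.wikipedia.org", "www.example.com"]


def system_resolver(host):
    """Return True if this machine's resolver can look up host."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except (OSError, UnicodeError):
        return False


def triage(security_hosts=SECURITY_HOSTS, control_hosts=CONTROL_HOSTS,
           resolves=system_resolver):
    """Compare lookups of security sites against control sites.

    Returns (verdict, blocked_hosts). The verdict is a hint for follow-up
    with a removal tool or scanner, not a diagnosis.
    """
    control_ok = any(resolves(h) for h in control_hosts)
    blocked = sorted(h for h in security_hosts if not resolves(h))
    if not control_ok:
        # Nothing resolves: a network or DNS outage, so no conclusion.
        return "inconclusive", blocked
    if not blocked:
        return "no_blocking_seen", blocked
    if len(blocked) == len(security_hosts):
        # Ordinary sites resolve but every security site fails.
        return "suspicious", blocked
    return "partial", blocked


if __name__ == "__main__":
    verdict, blocked = triage()
    print("verdict:", verdict)
    for host in blocked:
        print("  could not resolve:", host)
```

A "suspicious" or "partial" result is a reason to run one of the detection or removal tools from a clean PC; "no_blocking_seen" does not prove the machine is clean.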
The Department of Homeland Security (DHS) has released a computer worm detection tool, along with a bevy of other information, which can be found here.
Drain your savings account, buy a Mac, and hang out at Starbucks all day long. Or to appease the Linux crowd, ditch Windows and dive into Ubuntu. But you don't need to learn a brand new OS or invest in an overpriced computer to avoid Conficker.
One way to avoid Conficker is to disable AutoRun. Details on how to properly do so can be found here. And as with all security-related threats, safe computing habits apply. Avoid websites you're not familiar with, ensure that Windows is fully patched, invest in a security program and download the latest updates, and never download from an unknown or shady source.
We'll assume here you're talking about your PC (if not, stop scratching it and consult a doctor). There are a number of Conficker removal tools available, such as those found here, here, and here. If going this route, it's a good idea to download the tool(s) from a clean PC rather than your infected one. Note that Conficker also blocks tools with 'Conficker' in the name, so be prepared to rename the file(s) if necessary.
Another option is to create a bootable CD/DVD or USB thumb drive and outfit it with security programs. By doing so, you'll bypass Windows entirely and have a clean slate from which to work. Just be sure to create bootable media from a clean PC. Also check your security vendor's website for information on creating a bootable rescue disk.
Finally, to err on the extreme side of caution, you can start fresh with a reinstallation of Windows. Whether or not you resort to this, it's a good idea to back up any important data -- work documents, family photos, groovy music -- right away.