on March 13, 2009 by Wolf in Internet Scams, Tech Security, Comments (4)

Conficker Worm Infecting 30% of Windows PCs

The Conficker worm, aka the Downadup worm, is on a rampage. Panda Security published its infection figures in January and the worm has been taking a real chunk out of the Windows desktop space. I read this in the March 2009 issue of CSO Magazine and thought you would like a little more detail.

Symantec provides the following detail on the worm:

http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm

Which OS is at risk:

Windows 2000, Windows XP and Windows Vista. The MS08-067 flaw the worm exploits is also present in Windows Server 2003 and Windows Server 2008, so any unpatched Windows host that exposes the Server service (TCP port 445) on the network is a target.

Who is definitely at risk:

  • People who use Windows operating systems and have no anti-virus, or have not found time to configure their anti-virus.
  • People who do not use anti-spyware on their machines, or do not update the anti-spyware definitions daily or at least weekly.
  • People who have already been compromised by some other malware, which may have switched their protection off, so the system only looks protected.
  • People whose machines are not configured to receive and install updates and patches from Microsoft automatically.

Who is probably safe:

Windows users of good commercial anti-virus and security suites that have been properly configured to update their virus definitions daily, provided the MS08-067 patch is installed as well. Anti-virus catches the worm's files; only the patch closes the hole it comes in through.

A short list of some premium anti-virus applications

  • avast! Professional Edition 4.8
  • AVG Anti-Virus 8.0
  • AVIRA AntiVir Premium 8.1
  • BitDefender Antivirus 11
  • eScan Anti-Virus 9.0
  • ESET NOD32 Anti-Virus 3.0
  • F-Secure Anti-Virus 2009
  • G DATA AntiVirusKit (AVK) 2009
  • Kaspersky Anti-Virus 2009
  • McAfee VirusScan Plus 12.1
  • Microsoft OneCare 2.5
  • Norman Antivirus & Anti-Spyware 7.1
  • Panda Security Antivirus Pro 2009
  • Sophos Endpoint Protection 7.5.1
  • Symantec Norton Anti-Virus 2009
  • TrustPort Antivirus Workstation 2.8
  • VBA32 Scanner for Windows 3.12.8.2

If you insist on running Windows, you must also run a premium anti-virus such as BitDefender, Norton, Panda, AVG, Sophos etc. and a real spyware checker such as Spybot S&D from http://www.safer-networking.org/index2.html or Ad-Aware from http://lavasoft.com/

Who is definitely safe:

Users of Unix, Linux, Mac OS X and other operating systems other than Windows. Conficker only runs on Windows; a non-Windows machine can still carry the worm's files to a Windows host on a USB stick or through a shared folder, though, so scan such media before handing it on.

What does Conficker / Downadup worm do?

The Conficker / Downadup worm spreads mostly from infected machines to other machines on the same network. When it lands on a vulnerable target it disables Windows Automatic Updates, the Security Center, Windows Defender and Error Reporting, deletes System Restore points, and shuts down as many other security services as it can. It also filters DNS lookups so that the websites of security vendors and Windows Update no longer resolve, which stops the victim from fetching tools or patches. It then phones home for further spyware and malware downloads; rather than using a single Conficker server, it computes a fresh list of candidate domain names every day, so there is no one address to block. Finally it scans for more vulnerable machines on the network.

The newer variants of Conficker put more effort into protecting themselves and strengthening their hold on already infected machines (the C variant, for example, trades updates between infected hosts peer-to-peer) than into spreading further.

How do infections happen?

The Conficker / Downadup worm installs itself by exploiting a flaw in the Windows Server service described in Microsoft Security Bulletin MS08-067 (patched in October 2008): a specially crafted RPC request sent to TCP port 445 overflows a buffer and lets the worm run its code without the user doing anything. http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Users who receive automatic updates from Microsoft are already protected from this vulnerability, but a patched machine is not immune to the worm's other routes. It also copies itself into shared folders on the network, getting in by guessing weak administrator passwords from a built-in word list (a burst of account lockouts is often the first sign), and onto USB devices such as memory sticks, where an autorun.inf file launches it as soon as the stick is plugged into another PC.
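To turn the two sections above (what the worm does to a machine, and how it gets in) into something you can run on a suspect PC, here is an added triage script. It is an example written for this post, not code from Symantec, Microsoft or the original author. It checks the four things the worm leaves behind or depends on: the MS08-067 hotfix, the services it disables, the DNS filtering of security vendor names, and an autorun.inf on removable drives. The service list, the probe hostnames and the rundll32/RECYCLER pattern are assumptions chosen for illustration, not a complete list of indicators.

```powershell
# Conficker triage for a single Windows host. Added example for this post, not code
# from Symantec, Microsoft or the original author. Run from an elevated PowerShell
# prompt (PowerShell 2.0 or later). The service and hostname lists below are
# assumptions chosen for illustration; an incident responder would extend them.

function Test-ConfickerSymptoms {
    $findings = @()

    # 1. Is the MS08-067 patch installed? Its hotfix ID is KB958644.
    #    Get-HotFix reads Win32_QuickFixEngineering, which lists patches applied
    #    through Windows Update or the standalone installer.
    $patch = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    if (-not $patch) {
        $findings += 'KB958644 (MS08-067) not found: the Server service is exploitable over TCP/445.'
    }

    # 2. Services the worm is known to stop or disable (assumed list for this example).
    $watched = @{
        'wuauserv'  = 'Automatic Updates'
        'BITS'      = 'Background Intelligent Transfer Service'
        'WinDefend' = 'Windows Defender'
        'wscsvc'    = 'Security Center'
        'ERSvc'     = 'Error Reporting'
    }
    foreach ($name in $watched.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc -and ($svc.State -ne 'Running' -or $svc.StartMode -eq 'Disabled')) {
            $findings += ('{0} service ({1}) is {2}, start mode {3}' -f $watched[$name], $name, $svc.State, $svc.StartMode)
        }
    }

    # 3. DNS filtering symptom: the worm fails lookups whose name contains a
    #    security-vendor string. example.com is the control: if it fails too, the
    #    host simply has no working DNS and this test is inconclusive.
    $control = 'example.com'
    $probe   = 'www.microsoft.com', 'update.microsoft.com', 'www.symantec.com',
               'www.mcafee.com', 'www.sophos.com', 'www.kaspersky.com'
    $controlOk = $true
    try   { [System.Net.Dns]::GetHostAddresses($control) | Out-Null }
    catch { $controlOk = $false; $findings += 'Control lookup failed: no DNS at all, DNS test inconclusive.' }
    if ($controlOk) {
        foreach ($h in $probe) {
            try   { [System.Net.Dns]::GetHostAddresses($h) | Out-Null }
            catch { $findings += "Lookup of $h failed while $control resolves: matches the worm's DNS block." }
        }
    }

    # 4. Removable drives (DriveType 2) carrying an autorun.inf that launches something
    #    through rundll32 or out of a RECYCLER folder, which is how the worm hides its
    #    launcher on a memory stick. The pattern is an assumption, not a full signature.
    foreach ($disk in (Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=2')) {
        $inf = Join-Path $disk.DeviceID 'autorun.inf'
        if (Test-Path $inf) {
            $text = [System.IO.File]::ReadAllText($inf)
            if ($text -match '(?i)rundll32|RECYCLER') {
                $findings += "Suspicious autorun.inf on $($disk.DeviceID): references rundll32/RECYCLER."
            }
        }
    }

    return $findings
}

$result = Test-ConfickerSymptoms
if (@($result).Count -eq 0) { 'No Conficker indicators found.' } else { $result }
```

A clean result here does not prove the machine is clean (the script only looks for the side effects described in the post), but any single finding is enough to take the machine off the network and go to the removal steps below.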

Help! I am Infected!

Use your anti-virus to identify which variant is on your computer, then follow the removal steps your anti-virus vendor publishes for that variant. Because the worm blocks lookups of security vendor websites, you may have to download the removal tool on a clean machine and carry it over on write-protected media. After removal, install the MS08-067 patch and change any administrator passwords the worm could have guessed, or it will simply come back from the next infected machine on the network.

Currently known variants (Symantec's names; other vendors call them Conficker.A, .B and .C):
W32.Downadup.A
W32.Downadup.B
W32.Downadup.C

Help! I am not currently Infected

…and I don’t want to be.

  • Turn on Microsoft Automated Updates
  • Get or renew your Anti-virus / Security Suite
  • Get a Software Firewall if it is not already included in your Security Suite
  • Get a good Spyware checker
  • Learn how to configure your security software for automated updates
  • Pay attention to your security alert pop-ups. It is easy to go on autopilot and click “yes” when you mean “no.” If some unknown program is trying to get an internet connection, you can always say “no” and see if anything useful stops working. If it does, say “yes” the next time.
  • Do not use the “Free Security Products” that pop up at many sites. These are almost all actually spyware installers.
  • Turn off the autorun features that let programs start automatically when you insert a CD or a USB stick.
  • Be careful with passwords: change them occasionally, and don’t go back to an old password at the same site.
  • Don’t use the same User-name / Password combo everywhere.  If crackers know you use the same user name everywhere, it is a short path to try the currently cracked password to access every site where your username shows up on a Google search.
  • Use complicated passwords and (if you use only one computer) use a password-safe program to help you keep track, or as I do, use a book-cipher offset system to randomize your passwords.  If anybody asks about this book-cipher system, I will write it up for you here.
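The first four items of that list, and the password item as far as it concerns the administrator accounts the worm guesses at, can be checked and applied on one Windows machine with the following script. It is an added example for this post, not code from Microsoft or the original author. The registry paths and values are Microsoft's documented ones; the function name, the -Fix switch and the lockout threshold of 10 are this script's own choices.

```powershell
# Hardening checks for the prevention list above. Added example for this post, not code
# from Microsoft or the original author. Run elevated. Without -Fix the function only
# reports; with -Fix it changes the settings. The registry paths and values are the
# documented Microsoft ones; the -Fix switch and the threshold of 10 are assumptions.

function Invoke-ConfickerHardening {
    param([switch]$Fix)
    $report = @()

    # Automatic Updates: AUOptions 4 = download and install automatically.
    $auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $auOpt = (Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue).AUOptions
    if ($auOpt -ne 4) {
        $report += "Automatic Updates option is '$auOpt', want 4 (auto download and install)."
        if ($Fix) {
            if (-not (Test-Path $auKey)) { New-Item -Path $auKey -Force | Out-Null }
            Set-ItemProperty -Path $auKey -Name 'AUOptions' -Value 4 -Type DWord
        }
    }
    # The wuauserv service must also be enabled and running, or the option is moot.
    $wu = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"
    if ($wu -and ($wu.StartMode -eq 'Disabled' -or $wu.State -ne 'Running')) {
        $report += "Automatic Updates service is $($wu.State) (start mode $($wu.StartMode))."
        if ($Fix) {
            Set-Service -Name 'wuauserv' -StartupType Automatic
            Start-Service -Name 'wuauserv'
        }
    }

    # Autorun: NoDriveTypeAutoRun = 0xFF (255) disables Autorun for every drive type.
    # Older XP/2003 hosts also need Microsoft's Autorun update (see KB967715) for the
    # value to be honoured for autorun.inf on USB sticks.
    $polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $nda = (Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($nda -ne 255) {
        $report += "NoDriveTypeAutoRun is '$nda', want 255 (Autorun off everywhere)."
        if ($Fix) {
            if (-not (Test-Path $polKey)) { New-Item -Path $polKey -Force | Out-Null }
            Set-ItemProperty -Path $polKey -Name 'NoDriveTypeAutoRun' -Value 255 -Type DWord
        }
    }

    # Windows Firewall for the current profile, through the HNetCfg COM interface
    # that ships with XP SP2 and later.
    $fwMgr     = New-Object -ComObject 'HNetCfg.FwMgr'
    $fwProfile = $fwMgr.LocalPolicy.CurrentProfile
    if (-not $fwProfile.FirewallEnabled) {
        $report += 'Windows Firewall is off for the current profile.'
        if ($Fix) { $fwProfile.FirewallEnabled = $true }
    }

    # Password guessing over ADMIN$ is one of the worm's spread routes: a lockout
    # threshold makes a dictionary run slow and visible. 'net accounts' prints
    # 'Lockout threshold: Never' when none is set.
    $lockout = net accounts | Select-String 'Lockout threshold'
    if ($lockout -and $lockout.Line -match 'Never') {
        $report += 'Account lockout threshold is Never; a dictionary attack on admin passwords goes unnoticed.'
        if ($Fix) { net accounts /lockoutthreshold:10 | Out-Null }
    }

    return $report
}

$issues = Invoke-ConfickerHardening   # add -Fix to apply the changes
if (@($issues).Count -eq 0) { 'All checks passed.' } else { $issues }
```

Run it once without -Fix to see what it would change. The anti-virus and anti-spyware items on the list are not checked here because every suite reports its update state differently; use the suite's own console for those.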

4 Comments

  1. NORWOOD

    March 25, 2009 @ 9:17 am

    Hello, I read your blog from time to time and I own a similar one and I was just wondering if you get a ton of spam? If so how do you control it, any plugin or something you can suggest? I get so much it’s driving me insane so any help is most appreciated.

  2. Conficker Removal

    March 31, 2009 @ 8:17 pm

    Conficker.A and Conficker.B can both be removed using free software like F-Secure’s Downadup removal software as well as bdtools which was made just for this. However Conficker.C has to be removed manually still. In just another day a fix will be made for it. You can view the Microsoft site for more information on how to remove this manually.

  3. Wolf

    March 31, 2009 @ 11:57 pm

    Thanks. That is helpful.

  4. WorkatHomeJobs

    August 23, 2009 @ 5:44 pm

    You are really great in providing stories! Thank you!
