Sunday 26 June 2011

The Conficker


As of Jan 16, 2009, F-Secure had counted a total of 8,976,038 infections coming from 353,495 unique IP addresses for the Conficker worm (also known as Downup, Downadup and Kido). Here is an excerpt from a Microsoft site: "The Conficker worm is a computer worm that can infect your computer and spread itself to other computers across a network automatically, without human interaction."

Jan 20, the worm had infected 800 PCs on a hospital network in Sheffield, UK, after management turned off Windows AutoUpdate on all the computers.

February 6, the computers used by the Houston Municipal Courts were infected with Conficker; the origin of the infection is unknown.

March 27, the UK Parliament's network was infected, slowing down its servers.

There are several variants of the worm and each infects slightly differently. Overall, they copy themselves into the Windows system folder, try to spread to other machines through the ADMIN$ share over NetBIOS (guessing weak passwords from a built-in list), and interfere with network sharing. The worm also deletes System Restore points and disables many Windows system services, such as Windows Update and Error Reporting, so that the machine cannot patch or report the infection.

Signs that you may already be infected include one or more of these:

  • Accounts being locked out across the domain (the worm's password guessing trips the lockout policy).
  • Windows system services (AutoUpdate, Error Reporting, Defender, etc.) found disabled.
  • The network becoming unusually congested.
  • Slow responses to client requests (for domain controllers).
  • Anti-virus and Microsoft websites becoming inaccessible, while other sites still load.
  • A fake "Open folder to view files" entry in the AutoPlay dialog of a USB drive.


Things you should do to remove the worm or be prepared for it:

  • Update Windows with patch MS08-067 (released Oct 23, 2008); this closes the hole the worm uses to spread over the network.
  • Update your anti-virus to the latest definitions (or get one!).
  • Disable AutoRun for external drives and USB devices, so a plugged-in drive cannot launch the worm.
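The following PowerShell script is an added example, not code from the original post or from any vendor; it turns the symptom list and the three-point checklist above into a read-only check of a single Windows host. It assumes (these details are not in the post) that KB958644 is the hotfix number for MS08-067, that a NoDriveTypeAutoRun value of 0xFF disables AutoRun for every drive type, that Security event ID 4740 is the "account locked out" event on Vista/2008 and later (it is 644 on XP/2003) with the locked account name as its first replacement string, and that the service and hostname lists are illustrative rather than exhaustive. Run it from an elevated prompt; step 5 is only meaningful on a domain controller.

```powershell
# Added example (not from the original post): a read-only check of one Windows
# host against the Conficker symptoms and mitigations listed above.
# Assumptions not stated in the post: KB958644 = MS08-067; NoDriveTypeAutoRun
# 0xFF = AutoRun off for all drive types; event 4740 = account lockout on
# Vista/2008+ (644 on XP/2003); the service/hostname lists are illustrative.

$findings = @()

# 1. Is MS08-067 installed? The worm's network spread relies on this hole.
if (-not (Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue)) {
    $findings += 'MS08-067 (KB958644) is not installed'
}

# 2. Is AutoRun disabled for every drive type (0xFF)? A missing value counts
#    as "not disabled".
$polKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun = (Get-ItemProperty -Path $polKey -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($autorun -ne 0xFF) {
    $findings += "AutoRun is not fully disabled (NoDriveTypeAutoRun = $autorun)"
}

# 3. Services the worm switches off: Windows Update, BITS, Error Reporting,
#    Defender. A start mode of Disabled on any of them is a warning sign.
foreach ($name in 'wuauserv', 'BITS', 'ERSvc', 'WerSvc', 'WinDefend') {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc -and $svc.StartMode -eq 'Disabled') {
        $findings += "Service $name is set to Disabled"
    }
}

# 4. Can vendor sites still be resolved? The worm blocks lookups of names
#    containing security-vendor strings, so a failure here while other DNS
#    works is suspicious.
foreach ($hostname in 'www.microsoft.com', 'www.f-secure.com', 'www.symantec.com') {
    try   { [void][System.Net.Dns]::GetHostAddresses($hostname) }
    catch { $findings += "Cannot resolve $hostname" }
}

# 5. Burst of lockouts on many different accounts within the last hour: the
#    worm's password guessing against ADMIN$ trips the lockout policy.
$since  = (Get-Date).AddHours(-1)
$locked = Get-EventLog -LogName Security -InstanceId 4740 -After $since `
          -ErrorAction SilentlyContinue |
          ForEach-Object { $_.ReplacementStrings[0] } | Sort-Object -Unique
$lockedCount = @($locked).Count
if ($lockedCount -ge 10) {
    $findings += "$lockedCount distinct accounts locked out since $since"
}

if ($findings.Count -eq 0) { 'No Conficker indicators found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

The script only reads state and prints findings; it does not remove anything. Treat a single finding (for example the patch missing) as a hardening gap and two or more (disabled services plus unresolvable vendor sites, or a lockout burst) as a reason to take the machine off the network and run a cleaning tool from a trusted USB drive with AutoRun already disabled.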

Here is some free software you can use: AVG Free Edition 8.5, Avast 4.8, Avira 9, ZoneAlarm Firewall 8.

ps: I used the paid versions of Norton Internet Security 09 (desktop) and ZoneAlarm Internet Security 09 (laptop). Both are awesome (minus some issues with activation).

On Feb 13, 2009, Microsoft responded to this issue by offering a $250,000 bounty for information leading to the arrest and conviction of the people behind this sophisticated worm. There are rumors that April 1 is the date when a new and improved variant of the worm will be released, and/or the date on which the worm fully activates. So beware of Conficker!

Sources: CNET, CNN, F-Secure, Microsoft, NetworkWorld, The Register, Wikipedia

