Not all April Fool Jokes are Funny: Conficker Malware Threat
As the April Fool’s Day worm starts its countdown, security vendors are telling users that if they’ve implemented basic security on their home computer or network, they’ll be fine.
Others, however, face risk from a worm that’s spread rapidly and without a clear indication of its purpose, they told InternetNews.com.
"It’s important for users to apply the known, basic, common-sense steps to protect themselves, even in light of increasing and increasingly sophisticated attacks," said Jenko Hwong, director of security products for security appliance vendor Mirapoint. "Conficker.C and April 1st won’t bring Armageddon."
For most users, that involves using up-to-date software and security tools.
"If you have a legal copy of Microsoft Windows, you have invested ... in antivirus software, or you pay your service provider for secured Internet access -- most likely you are safe," said Ron Meyran, product manager for security for application delivery and network security vendor Radware. "The same applies for enterprise networks: Your corporate policy should cover such cases."
Nevertheless, the worm has still managed to spread widely. David Perry, global director of education at antivirus firm Trend Micro, told InternetNews.com several months ago that he believes about 10 million PCs have been hit.
Many of the infected PCs are inadequately defended. "If you run an illegal copy of Windows, your antivirus (if any) is a freeware, you are a DSL or cable subscriber and you never disconnect -- then you are the ideal target for self propagating viruses such as Conficker," Radware’s Meyran said.
"And it will not be the first time your computer is recruited into a botnet," he said. "In fact, there is a good chance that you already host malware of more than one botnet."
Owners of many infected PCs won’t know they’re infected until April 1, added Trend Micro’s Perry. "It’s hard to spot Conficker’s work."
Experts don’t know what the worm will do on April 1, but they have some educated guesses. Tal Golan, founder and CTO of antispam appliance vendor Sendio, said that the worm will likely send out e-mail containing spam or malware, but that the e-mail will be a "smoke screen masking the real targets of the worm or virus."
All of the experts that InternetNews.com contacted agreed that Conficker’s spread shows that many organizations are not up to date on their patches: The worm exploits a well-known vulnerability, published by Microsoft on Oct. 23, 2008. Anyone who applied the necessary patches since then is safe.
Security experts urged users who suspect they’re infected to scan their PCs. Trend Micro’s Perry recommended using security software based in the cloud, such as his company’s Trend Micro Smart Protection Network for enterprise users. The company also offers a Web-based scanning service called House Call for home users.
Radware’s Meyran said that one sign you’re infected could be if some Windows system services have been disabled on your PC.
The worm might be visible to any user: "It connects to a remote server in order to receive further instructions such as gathering personal information and downloading additional malware to the victim’s computer. It also disables a number of system services such as Windows Automatic Update, Windows Security Center and Windows Defender -- all to prevent disinfection."
Author: Alex Goldman
Source: InternetNews.com.
Updates 03-31-09:
Note that Microsoft fixed the vulnerability in October 2008, but if your computer doesn't get automatic updates from Microsoft and you have not installed them manually for a while, your computer could be affected.
Try to install all the Microsoft updates first. If you see that you cannot install them automatically, your computer might already be affected by the worm, which is preventing you from healing your PC. If so, you will need to apply the medicine manually. Visit the Microsoft explanation website at http://technet.microsoft.com/en-us/security/dd452420.aspx and download the Microsoft® Windows® Malicious Software Removal Tool (KB890830) to your hard drive. Run it and perform the Quick scan first. If at first glance your PC looks clean, confirm it by running the full scan. Depending on how large your HDD is, this scan might take from an hour to several hours, so be patient.
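The article names three services the worm disables: Windows Automatic Update, Windows Security Center and Windows Defender. The check below is an added example, not part of the original article or of any Microsoft tool; it reports their state so a disabled one stands out before you run the removal tool. It assumes PowerShell 3.0 or later and the standard Windows short names for those services (`wuauserv`, `wscsvc`, `WinDefend`).

```powershell
# Added triage example (not from the article). Maps the standard Windows
# service short names to the three services the article says get disabled.
$watch = [ordered]@{
    'wuauserv'  = 'Windows Automatic Update'
    'wscsvc'    = 'Windows Security Center'
    'WinDefend' = 'Windows Defender'
}

$report = foreach ($name in $watch.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                           -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Some Windows editions do not ship every service; report it, don't flag it.
        [pscustomobject]@{
            Service = $watch[$name]; Name = $name
            State = 'NotInstalled'; StartMode = 'n/a'; Finding = 'Service not present'
        }
        continue
    }

    # Only a Disabled start mode is flagged: a stopped service can be normal
    # (Windows Update is started on demand on current Windows versions).
    $finding = if ($svc.StartMode -eq 'Disabled') {
        'DISABLED - matches the symptom described'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Service = $watch[$name]; Name = $name
        State = $svc.State; StartMode = $svc.StartMode; Finding = $finding
    }
}

$report | Format-Table -AutoSize

$disabled = @($report | Where-Object { $_.Finding -like 'DISABLED*' })
if ($disabled.Count -gt 0) {
    # A disabled service is a lead, not a verdict: third-party antivirus
    # can legitimately turn Windows Defender off.
    Write-Warning ("{0} monitored service(s) disabled: {1}. Run a full scan." -f `
        $disabled.Count, ($disabled.Name -join ', '))
} else {
    Write-Output 'None of the monitored services is disabled.'
}
```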