Computer users beware: security experts have warned that the deadly Internet worm Conficker C is all set to strike back on April 1. According to Graham Cluley of security firm Sophos, Conficker C is programmed “to hunt for new instructions on April 1”. On January 1, the virus had infected more than nine million computers worldwide and was spreading at a rate of one million machines daily. Here’s all you need to know about this virus: what it does, how it spreads, the symptoms that show you have been hit, and how to escape it.
Although the origin of the name “conficker” is not known with certainty, Internet specialists and others have speculated that it is a German portmanteau fusing the term “configure” with “ficken”, the German equivalent of “fuck”. Microsoft analyst Joshua Phillips describes “conficker” as a rearrangement of portions of the domain name ‘trafficconverter.biz’.
How does it spread?
According to security experts, Conficker’s most intriguing aspect is its multipronged attack strategy: It can spread in three different ways.
One is through a vulnerability in Windows that Microsoft patched almost six months ago. The bug, which is in a file-sharing service that’s included in all versions of the operating system, can be exploited remotely just by sending a malformed data packet to an unpatched PC.
Second, the worm can spread by password attacks. Third, it can copy itself to any removable USB-based device, such as flash drives and cameras.
Microsoft’s advisory about Conficker lists several symptoms of infection, including these:
· Account lockout policies are being tripped.
· Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
· Domain controllers respond slowly to client requests.
· The network is congested.
· Various security-related Web sites cannot be accessed.
If your PC is showing any of these symptoms, Microsoft recommends that you immediately use the Malicious Software Removal Tool (MSRT) to clean the machine.
Users can download MSRT from Microsoft’s site, or follow the instructions posted at its support site.
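One way to check a machine for two of the symptoms listed above (disabled services and unreachable security sites), as an added PowerShell example that is not part of Microsoft's advisory or the original article. The service short names, the hostnames and the control name `www.example.com` are assumptions chosen for illustration; the script needs PowerShell 3.0 or later.

```powershell
# Added example: triage for two symptoms from Microsoft's Conficker list.
# Service short names and hostnames are assumptions, not taken from the article.
$services = [ordered]@{
    'wuauserv'  = 'Automatic Updates'
    'BITS'      = 'Background Intelligent Transfer Service'
    'WinDefend' = 'Windows Defender'
    'ERSvc'     = 'Error Reporting Service (XP / Server 2003)'
    'WerSvc'    = 'Windows Error Reporting (Vista and later)'
}
$securitySites = 'www.microsoft.com', 'update.microsoft.com'
$controlName   = 'www.example.com'   # unrelated name used as a baseline

$findings = @()

# Symptom: update and security services have been disabled.
foreach ($name in $services.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if (-not $svc) { continue }      # service does not exist on this Windows version
    if ($svc.StartMode -eq 'Disabled') {
        $findings += "Service disabled: $($services[$name]) ($name), state $($svc.State)"
    }
}

# Symptom: security-related sites cannot be accessed.
function Test-NameResolution([string]$HostName) {
    try   { [void][System.Net.Dns]::GetHostAddresses($HostName); return $true }
    catch { return $false }
}

# Only flag a security site if an unrelated name resolves, so that a machine
# with no working DNS at all is not reported as a match.
if (Test-NameResolution $controlName) {
    foreach ($site in $securitySites) {
        if (-not (Test-NameResolution $site)) {
            $findings += "Cannot resolve security site: $site"
        }
    }
} else {
    Write-Warning "Control name $controlName did not resolve; skipping the site check."
}

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else           { Write-Output 'None of the checked symptoms were found.' }
```

A match is a reason to run the MSRT, not proof of infection: administrators sometimes disable these services on purpose, and a clean result does not rule the worm out.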
Once in a computer, it digs deep, setting up defenses that make it hard to extract. The worm leaves the computer vulnerable to further exploitation by hackers and spammers, who are able to remotely download more malicious programs onto the computer, or even use the worm to help install software that will enable them to track and steal security information, such as banking logins or credit card information. Malware could also be triggered to turn control of infected computers over to hackers amassing “zombie” machines into “botnet” armies. “Here we are with a big, big outbreak and they keep revamping their methodology to increase the size of it,” Perry said. “They could be growing this huge botnet to slice it up and sell it on the criminal market.”
A troubling aspect of Conficker is that it harnesses the computing power of a botnet to crack passwords.
Most vulnerable machines
According to Microsoft, unpatched Windows 2000, Windows XP and Windows Server 2003 machines are at the greatest risk. There are also reports from security companies, which highlight the danger to PCs running Windows XP Service Pack 2 and XP Service Pack 3.
Incidentally, these versions account for the bulk of Windows’ market share. Unpatched Windows Vista and Server 2008 systems are less likely to fall victim to these attacks, since hackers need to authenticate access to the computer, in other words, know the log-in username and password.
How to escape
Microsoft advises people to stay current on anti-virus tools and Windows updates, and to protect computers and files with strong passwords.
Microsoft issued a new series of security patches to try and help computer users defend their machines against the worm. Security experts urge people to harden passwords by mixing in numbers, punctuation marks, and upper-case letters. Doing so makes it millions of times harder for passwords to be deduced.
As antivirus companies worldwide scramble to erect defences against the Conficker C worm, an Indian company has successfully found a way to beat the computer worm. MicroWorld Technologies’ security solution claims to not only detect, but also eliminate Conficker C and block any further attempts by the worm to reinstall itself on the system. Govind Rammurthy, CEO & MD, MicroWorld Technologies, said, “A three-pronged strategy is needed to tackle Conficker C: an updated antivirus software, firewall protection on each and every computer in the network and the latest Microsoft patches.” MicroWorld’s recently launched eScan version 10 software also incorporates daily updates against the Conficker virus, which the company built after buyers of previous versions complained of Conficker attacks. Because the Conficker worm downloads fresh versions of itself on an hourly basis, eScan 10 is updated 8-9 times daily.
It also provides each computer with its own firewall, thus screening every piece of software that seeks access to the computer, and automatically downloads key patches released by Microsoft. So, let’s install this software or any other by ESET, Kaspersky, or BitDefender, run on-demand scans about 3-4 times a day, and assure ourselves of a clean PC till the end of the first week of April 2009. Good luck, and Godspeed!!!