This article explains what the Conficker worm is, how it spreads, and how to protect your PC from it.
The Conficker worm, also known as Downup, Downadup, and Kido, was first detected in October 2008. It is estimated that there are over 10 million PCs worldwide infected by this malware.
Why am I talking about the Conficker worm? Well, the other day, I was looking at the site stats, and I noticed that over 90% of the visitors to this blog are using Microsoft’s Windows operating system. And I thought additional information on this malicious software, which might be residing in your PC right now, might be a good idea.
The Conficker worm was specifically created to target a security weakness in the Microsoft Windows operating system. In particular, PCs that have not been updated with the security patch released by Microsoft in October of last year are vulnerable.
What does Conficker do?
Once your PC is infected, the worm can, at any time, install additional malicious software on your PC. The hacker can potentially have total control of your PC and will have access to sensitive information (like passwords, PIN numbers, etc.).
What are the signs that your PC is infected?
These are some of the “symptoms” observed in PCs infiltrated by Conficker:
- disabled Microsoft Windows services like Automatic Updates, Windows Defender, and other security components
- involuntary reset of account lockout policies
- inability to access security (anti-virus/anti-malware) web sites
- locked-out user accounts
- slowed responses in the local area network or from domain controllers
How does the worm spread?
Conficker can spread through the vulnerability in the Windows operating system on PCs without the October patch (estimated at 30% of the total number of PCs worldwide). It can also spread through the infiltration of local networks. Finally, the worm can gain access to a desktop or server through infected removable data storage devices (like a USB drive).
How do you protect your PC?
Eric Larkin of PC World suggests these basic steps to protect your computer:
The most critical and obvious protection is to make sure the Microsoft patch is applied. Network administrators can also use a blocklist provided by F-Secure to try and stop the worm’s attempts to connect to Web sites.
And finally, you can disable Autorun so that a PC won’t suffer automatic attack from an infected USB drive or other removable media when it’s connected.
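A read-only PowerShell check for the disabled-services and blocked-security-sites symptoms listed earlier and for the Autorun setting mentioned above. This is an added example, not part of the original article or the PC World piece; the service names, the NoDriveTypeAutoRun registry value, and the two host names are assumptions chosen for illustration.

```powershell
# Added example: read-only audit; it changes nothing on the system.
# Assumed service names: wuauserv (Automatic Updates),
# WinDefend (Windows Defender), wscsvc (Security Center).
$services = 'wuauserv', 'WinDefend', 'wscsvc'
foreach ($name in $services) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        Write-Output "[?]  $name is not present on this system"
    } elseif ($svc.StartMode -eq 'Disabled') {
        Write-Output "[!]  $name is DISABLED (matches a listed symptom)"
    } else {
        Write-Output "[ok] $name StartMode=$($svc.StartMode) State=$($svc.State)"
    }
}

# Autorun policy: NoDriveTypeAutoRun is a bit mask of drive types;
# 0xFF turns Autorun off for every drive type, including removable media.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$item = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Output '[!]  NoDriveTypeAutoRun is not set; Autorun follows Windows defaults'
} elseif (($item.NoDriveTypeAutoRun -band 0xFF) -eq 0xFF) {
    Write-Output '[ok] Autorun is disabled for all drive types'
} else {
    Write-Output ('[!]  NoDriveTypeAutoRun=0x{0:X}; Autorun is still on for some drive types' -f $item.NoDriveTypeAutoRun)
}

# Name resolution for security sites. Host names are assumptions picked
# because the article mentions these vendors. A failure can also mean
# the PC is simply offline, so treat it as a prompt to look closer.
foreach ($site in 'www.microsoft.com', 'www.f-secure.com') {
    try {
        [void][System.Net.Dns]::GetHostAddresses($site)
        Write-Output "[ok] $site resolves"
    } catch {
        Write-Output "[!]  $site does not resolve (matches a listed symptom if the network is up)"
    }
}
```

A single flagged line is not proof of infection; several together are a reason to scan the machine and confirm the patch is installed.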
Last week there was some indication that Conficker was stirring again. This was after the feared April 1 “April Fool’s Attack” which didn’t materialize. Most security experts agree that the controllers of Conficker are just biding their time in order to avoid detection and build more layers of “stealth” into the malware. While authorities and computer security experts are doing everything to neutralize this threat (Microsoft even offered a $250,000 reward for the arrest of the perpetrators), it’s prudent to take your own protective measures.
The most vulnerable PCs are those in businesses where there is less frequent updating of desktops and servers. Once one PC in a business network is infected, the worm can quickly spread to the other machines in that network.
Home PCs have a layer of protection from their individual firewalls. Since some business networks are targeted and are vulnerable, it might be a good idea to avoid using removable devices when you take some work back home with you. If you’re reading this and you haven’t downloaded the Microsoft patch yet, what are you waiting for?
- Worm: Win 32 Conficker Diagram was posted by user Gppande in Wikipedia and used here under Creative Commons Attribution ShareAlike 3.0 License
- PC World: “Protecting Against the Rampant Conficker Worm” by Eric Larkin
- Wikipedia: Conficker