What is Conficker?
Conficker is one of the nastiest computer worms in recent history to go on the warpath against Windows-based PCs. First surfacing in October, 2008, Conficker targets Windows 2000, XP, Vista, Server 2003, Server 2008, Server 2008 R2 Beta, and even Windows 7. To date, Conficker has infected over 9 million PCs, shut down French and British military assests, and prompted a $250,000 reward from Microsoft for information leading to the arrest and conviction of the worm’s creators.
What Does it Do?
The first two versions of Conficker — variants A and B — exploit a vulnerability in the Server Service on Windows-based PCs to take advantage of an already-infected source computer. Once infected, the worm goes to work exploiting the network hole, cracking administrator passwords, prevents access to security websites and services for automatic updates, disables backup services, erases recently saved documents, and among other things, also leaves you vulnerable to other infected machines.
What Happens Tomorrow?
One of the scariest things about Conficker, including Conficker.c, is that its full potential isn’t known. Come tomorrow, those infected might be prompted to buy fake sofware products, or it could start monitoring your keystrokes to lift sensitive information like banking passwords. Files could end up deleted, or it might transform your computer into a zombie PC while staying under the radar. Whatever it ends up doing, it won’t be good, and you need to take proper precautions right now.
How to Tell if You’re Already Infected
Once infected, Conficker seals up the hole it used to infiltrate your system preventing other malware from getting in. Because of this, it can be difficult for IT pros to tell which computers have been patched and which might have a fake Conficker patch. But according to the nonprofit Honeynet Project, Conficker.c’s buggy code has made it somewhat easy to detect using a newly released proof-of-concept scanner.
“What we’ve found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it’s infected with Conficker, and it will tell you,” Dan Kaminsky, director of penetration testing at IOActive who worked with The Honeynet Project, wrote on his blog. “We figured this out on Friday, and got code put together for Monday. It’s been one heck of a weekend.”
Other telltale signs that you might be infected with Conficker is if you haven’t received any automatic updates from Windows in March, if you’re unable to update your antivirus program, or if your security software is running abnormally slow as of late. You can also try accessing major AV sites, as Conficker will attempt to block these.
The Department of Homeland Security (DHS) has released a computer worm detection tool, along with a bevy of other information, which can be found here.
How Can I Avoid Infection?
Drain your savings account, buy a Mac, and hang out at Starbucks all day long. Or to appease the Linux crowd, ditch Windows and dive into Ubuntu. But you don’t need to learn a brand new OS or invest in an overpriced computer to avoid Conficker.
One way to avoid Conficker is to disable AutoRun. Details on how to properly do so can be found here. And as with all security-related threats, safe computing habits apply. Avoid websites you’re not familiar with, ensure that Windows is fully patched, invest in a security program and download the latest updates, and never download from an unknown or shady source.