For many security professionals, including us at McAfee, Conficker is a déjà vu. It brings us right back to the late nineties and earlier this millennium when worms such as Blaster and Sasser wreaked havoc on the Internet by infecting one computer after the other without requiring any user action. It is important to note though that Blaster and Sasser were much more widespread than Conficker.
Conficker first surfaced late last year, taking advantage of a security flaw in Microsoft’s Windows operating system to spread. Microsoft provided an emergency fix for the vulnerability last October with Security Update MS08-067. However, because many systems were not patched and not properly secured, Conficker has slithered onto as many as 12 million Windows computers, according to some estimates.
Several variants of Conficker have surfaced since the original. One variant, Conficker.C, could activate on April 1 and start another assault on Windows computers. Computers infected with Conficker become part of an army of compromised computers and could be used to launch attacks on Web sites, distribute spam, host phishing Web sites or carry out other nefarious activities.
Additionally, once it is on a computer, Conficker digs itself in by attempting to deactivate security software and sabotage the tools that could remove it. If you notice that you’re unable to access Web sites such as www.mcafee.com or your security software is acting up, that could be a sign that your system has been taken over by Conficker.
The good news is that protecting against Conficker isn’t hard. There are two basic things that will ensure a Windows computer is shielded against the worm.
1) Install Microsoft’s Security Update MS08-067
2) Run up-to-date antimalware software
Systems that for some reason cannot be updated or run antimalware software should be isolated. For enterprises, McAfee’s intrusion prevention products including McAfee’s Network Security Platform and McAfee Host Intrusion Prevention also protect systems from getting hit by Conficker.
If your computer is infected by Conficker and has no antimalware solution, McAfee Avert Labs’ Stinger tool can remove the malware. In addition, McAfee Avert Labs has published a technical document to help find Conficker on your systems in case there has been a compromise.
McAfee Avert Labs will monitor the state of the Internet on April 1 and report on any Conficker activity on the Avert Labs blog. Meanwhile, if you have any indication who is behind Conficker, report them to the authorities and you may be eligible for a $250,000 reward offered by Microsoft. [April 1, 2009]