What is the Conficker worm - hype or hope?

By Amarendra Bhushan for CEOWORLD Magazine. Updated: April 1, 2009


If you’re worried about the Conficker worm, sometimes called Downadup or Kido, striking on April 1st, don’t be. So far the highly feared Conficker worm is turning out to be a major flop, and nothing but a big April Fools’ joke. There was the potential today that up to 15 million PCs would be infected by the virus, but it is not happening.

What does the Conficker worm do?

The Conficker worm has created a secure infrastructure for cybercrime. The worm allows its creators to remotely install software on infected machines. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send spam, steal IDs and direct users to online scams and phishing sites.

How does the worm infect a computer?

The Downadup worm tries to take advantage of a problem with Windows (a vulnerability) called MS08-067 to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

What to do if you are infected by the Conficker worm?

If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool. Download the tool here.

Advice to Stay Safe from the Downadup Worm:

1. Run a good security suite (we are partial to Norton Internet Security 2009 and Norton 360 Version 3.0).

2. Keep your computer updated with the latest patches. If you don’t know how to do this, have someone help you set your system to update itself.

3. Don’t use “free” security scans that pop up on many web sites. All too often these are fake, using scare tactics to try to get you to purchase their “full” service. In many cases these are actually infecting you while they run. There is reason to believe that the creators of the Conficker worm are associated with some of these fake security products.

4. Turn off the “autorun” feature that will automatically run programs found on memory sticks and other USB devices.

5. Be smart with your passwords. This includes:

   1. Change your passwords periodically.
   2. Use complex passwords – no simple names or words, use special characters and numbers.
   3. Use a separate, longer password for each site that has sensitive personal information or access to your bank accounts or credit cards.

6. Use a password management system such as Identity Safe (included in Norton Internet Security 2009 and Norton 360 Version 3.0) to track your passwords and to fill out forms automatically.

7. Run Norton Internet Security 2009, Norton AntiVirus 2009 or Norton 360 Version 3.0. You can also try Norton Security Scan.

OR,

Symptoms of Conficker infection include the following:

* Access to security-related sites is blocked
* Users are locked out of the directory
* Traffic is sent through port 445 on non-Directory Service (DS) servers
* Access to administrator shared drives is denied
* Autorun.inf files are placed in the recycled directory, or trash bin
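
The port 445 symptom can be checked against connection logs. The sketch below is an added example, not part of the original article or of any vendor's tooling: it reads the symptom as SMB traffic reaching hosts that are not expected to serve it, and flags sources that contact several such hosts. The log format, addresses, server list and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log, one connection per line:
# "timestamp source_ip destination_ip destination_port" (assumed format)
SAMPLE_LOG = """\
2009-04-01T09:00:01 10.0.0.21 10.0.0.5 445
2009-04-01T09:00:03 10.0.0.21 10.0.0.6 445
2009-04-01T09:00:04 10.0.0.37 10.0.0.5 445
2009-04-01T09:00:05 10.0.0.37 10.0.0.40 445
2009-04-01T09:00:05 10.0.0.37 10.0.0.41 445
2009-04-01T09:00:06 10.0.0.37 10.0.0.42 445
2009-04-01T09:00:06 10.0.0.37 10.0.0.43 445
2009-04-01T09:00:07 10.0.0.22 10.0.0.23 445
2009-04-01T09:00:08 10.0.0.22 10.0.0.40 80
truncated line 445
"""

# Assumption: the only hosts expected to receive SMB (TCP 445) traffic
SMB_SERVERS = frozenset({"10.0.0.5", "10.0.0.6"})

def parse_line(line):
    """Return (src, dst, port), or None for lines that do not fit the format."""
    fields = line.split()
    if len(fields) != 4 or not fields[3].isdigit():
        return None
    return fields[1], fields[2], int(fields[3])

def smb_fanout(log_text, servers=SMB_SERVERS, threshold=3):
    """Map each source to the non-server hosts it reached on port 445,
    keeping only sources that reached at least `threshold` distinct hosts."""
    reached = defaultdict(set)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        src, dst, port = record
        if port == 445 and dst not in servers:
            reached[src].add(dst)
    return {src: sorted(dsts) for src, dsts in reached.items()
            if len(dsts) >= threshold}

if __name__ == "__main__":
    for src, dsts in smb_fanout(SAMPLE_LOG).items():
        print(f"{src}: port 445 to {len(dsts)} non-server hosts: {', '.join(dsts)}")
```

A single workstation-to-workstation connection stays below the threshold, so occasional ad hoc file sharing is not reported.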

Steps to remove Conficker and prevent re-infection

We recommend customers take the following steps to remove W32/Conficker.worm and prevent it from spreading:

1. Install Microsoft Security Update MS08-067: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

2. Clean the infected systems, and reboot: Use anti-malware solutions such as McAfee VirusScan Plus or ToPS for Endpoint to clean the infection. Use behavioral detection techniques like the buffer overflow protection in Host IPS to prevent future infections. This is important because Conficker can propagate via portable media such as infected USB drives. As the media are accessed, the system processes autorun.inf and executes the attack. For more information, read McAfee Avert Labs’ document “Combating Conficker Worm.”

3. Identify other systems at risk of infection: You need to identify which systems are at risk. The list includes systems that either are not patched against Microsoft vulnerability MS08-067 or do not have proactive protection controls to mitigate the vulnerability. McAfee Vulnerability Manager and ePolicy Orchestrator can identify systems that are vulnerable and not protected.

4. Limit the threat’s ability to propagate: Using network IPS at strategic points in your network will quickly limit the ability of the threat to spread. This gives you time to either update your client anti-virus signatures or modify policies to block the threat using the behavioral controls.
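
Because step 2 notes that the system processes autorun.inf when media are accessed, removable drives are worth triaging before they are opened on a clean machine. The scanner below is an added example, not from the article or from McAfee: it reports any autorun.inf that sits inside a recycle directory (the symptom listed earlier) or, as a generalization of that symptom, whose launch command points into one. The directory names checked and the sample tree are constructed assumptions.

```python
import os
import re
import tempfile

RECYCLE_DIRS = ("recycler", "recycled", "$recycle.bin")
# [autorun] keys that name a program to start when the media is opened
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

def launch_commands(path):
    """Return (key, command) pairs; lines that are not key=value are skipped."""
    with open(path, encoding="latin-1") as fh:
        matches = (LAUNCH_KEY.match(line) for line in fh)
        return [(m.group(1).lower(), m.group(2)) for m in matches if m]

def scan_volume(root):
    """Flag autorun.inf files that sit in, or launch from, a recycle directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "autorun.inf":
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            cmds = launch_commands(full)
            in_bin = any(p.lower() in RECYCLE_DIRS for p in rel.split("/")[:-1])
            runs_from_bin = any(d in c.lower() for _k, c in cmds for d in RECYCLE_DIRS)
            if in_bin or runs_from_bin:
                findings.append((rel, in_bin, cmds))
    return sorted(findings)

def build_sample_volume():
    """Constructed, harmless sample tree standing in for a mounted USB drive."""
    root = tempfile.mkdtemp(prefix="usb_sample_")
    samples = {
        "autorun.inf": "[autorun]\n\x01\x02junk\nopen=RECYCLER\\sample\\tool.exe\n",
        "RECYCLER/autorun.inf": "[autorun]\nshellexecute=setup.exe\n",
        "docs/autorun.inf": "[autorun]\nopen=setup.exe\nicon=setup.ico\n",
    }
    for rel, text in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="latin-1") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    for rel, in_bin, cmds in scan_volume(build_sample_volume()):
        print(f"{rel}: in_recycle_dir={in_bin} commands={cmds}")
```

The scanner only reads files; it never executes the commands it reports.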

Other resources by Rob Rogers on tech-recipes.com

FBI Statement Regarding Conficker Worm

“The FBI is aware of the potential threat posed by the Conficker worm. We are working closely with a broad range of partners, including DHS and other agencies in the U.S. government, as well as throughout the private sector, to fully identify and mitigate the threat.

“The public is once again reminded to employ strong security measures on their computers. That includes the installation of the latest anti-virus software and having a firewall in place.

“Additionally, the public should be aware of the potential dangers associated with spam e-mail. Opening, responding to, or clicking on attachments contained in unsolicited e-mail is particularly harmful and should be avoided.”

  • Great post, a lot of info about Conficker.
  • the Conficker worm seems to have failed to live up to its apocalyptic reputation, but that's obviously a good thing
  • James
    Hi,

    Good article. Sophos' Conficker removal tool can detect and remove all variants of the worm/virus.

    As long as people run these tools it should stop any serious outbreak.

    James