Halloween has come and gone, children are off their sugar highs and onto their sugar blues, and on the Internet roams a malware beast more scary than Frankenstein, vampires and Darth Vader - computer users run for the darkest corner of your hard drive and hide before Conficker takes over your machine. Also known as Downup, Downadup and Kido (who makes up these names anyway???)
Conficker is a worm that appeared in 2008, it exploits a vulnerability in the Windows Operating System. It’s a creepy, crawly toxic software that contaminates our computers without our ever knowing it. BOO! and then Boo Hoo Hoo.
Conficker has proved to be such a nuisance that Microsoft has even offered a $250,000 reward for information leading to an arrest in the Conficker case.
For the past three years, Conficker has been spreading rapidly around the world. As many as 12 million computers have been infected with the self-updating worm, a type of malware that can get inside computers and operate without their permission.
What is the Conficker worm?
The W32/Conficker worm exploits the MS08-067 vulnerability in Microsoft Windows Server Service. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. From: McAfee Corporate KnowledgeBase This means somewhere in the world there is a jerk who has access to your computer! See, this stuff is creepy.
Now From A Conficker Expert: Mark Bowden From: Fresh Air with Terry Gross on NPR.org
"What Conficker does is penetrate the core of the [operating system] of the computer and essentially turn over control of your computer to a remote controller," writer Mark Bowden tells Fresh Air's Terry Gross. "[That person] could then utilize all of these computers, including yours, that are connected. ... And you have effectively the largest, most powerful computer in the world."
The gigantic networked system created by the Conficker worm is what's known as a "botnet." The Conficker botnet is powerful enough to take over computer networks that control banking, telephones, security systems, air traffic control and even the Internet itself, says Bowden. His new book, Worm: The First Digital World War, details how Conficker was discovered, how it works, and the ongoing programming battle to bring down the Conficker worm, which he says could have widespread consequences if used nefariously.
If you were to launch with a botnet that has 10 million computers in it - launch a denial of service attack -you could launch a large enough attack that it would not just overwhelm the target of the attack, but the root servers of the Internet itself, and could crash the entire Internet," he says. "What frightens security folks, and increasingly government and Pentagon officials, is that a botnet of that size could also be used as a weapon."
The Conficker worm can be used to steal things like your passwords and codes for any accounts you use online. Officials in Ukraine recently arrested a group of people who were leasing a portion of the Conficker worm's computers to drain millions of dollars from bank accounts in the United States.
It raises the question of whether creating or maintaining a botnet is a criminal activity, because if I break into a safe at the bank using a Black & Decker drill, is Black & Decker culpable for the way I use the tool?" he says. "That's one of the tools you could use the botnet for. With a botnet of 25,000 computers, you could break the security codes for Amazon.com, you could raid people's accounts, you could get Social Security numbers and data - there's almost no commercial security system in place that couldn't be breached by a supercomputer of tens of thousands."
The Conficker Working Group realized that the creator of Conficker had little interest in taking down the Internet or using its bot to create mass destruction. "The people behind it apparently want to use it for criminal reasons — to make money," says Bowden.
But that doesn't mean that Conficker is controlled, says Bowden. No one knows yet who controls the worm or what its intentions might be.
At any moment, Conficker could do something really threatening," he says. "[People fighting the bot] are trying to figure it out still. And every new day, as the worm makes its contacts, they generate long lists of computers that are infected - which still include big networks within the FBI, within the Pentagon, within large corporations. So they monitor it and keep track of where it's spread, and they're still working with the government to secure vital computer networks from botnets like Conficker."
How does the Conficker worm work?
Here's an illustration of how the Conficker worm works.
Just How Does the this Bummer Get into my Computer?
Depending on the specific variant, the worm may spread via LAN, WAN, web, or removable drives, and by exploiting weak passwords. Conficker disables several important system services and security products, and downloads arbitrary files.
Computers infected with the worm become part of an "army" of compromised computers and could be used to launch attacks on websites, distribute spam, host phishing websites, or carry out other malicious activities.
How to Prevent the Virus from Entering your Computer
Use strong passwords that are unique for all computers/websites/email, etc..
Do not log on to computers by using Domain Admin credentials or credentials that have access to all computers. (Ask your favorite computer geek about this.)
Make sure all systems have the latest Microsoft (Start button then click on All Programs and Windows Updates and Anti-Virus security updates applied. This is the easiest prevention tool.
Always accept Microsoft Updates and check to see your Anti-Virus is up to date (you should see an icon on the bottom right of your screen near time).
Very Important: Disable the Autoplay features. When you put a CD, flash drive or other USB devices a window pops up asking what program you want to open, this is not good. See below how to disable AutoPlay.
To Disable AutoPlay (Win 7):
- Click on Start icon, click on Control Panel, click on AutoPlay.In the next window, uncheck the Use AutoPlay for all media and devices. Click Save.
Disable AutoRun in Win XP: From: Typhoonsoftware.com
In Windows XP you can control how each type of CD/DVD is handled. If you are having trouble with CDs autoplaying then you might have one of the media types set to 'Take no Action'. You can restore the default settings by doing the following:
1. Double-click on the My Computer icon on your Desktop.
2. The following window will open up. Right click on the drive that you want to configure and select Properties.
3. The following window will open up, click on the AutoPlay tab and you will notice a drop-down box listing the different types of media you can alter the autoplay settings for. Just click on the Restore Defaults button to place the settings for each media type back to the default behavior. If the button is greyed out, it means the default behavior is already set.
4.If you find this still doesn't help you can download the AutoPlayConfig program to enable/disable autoplay on your system.
How to Remove the Conficker Virus
The Microsoft Malicious Software Removal Tool (MS Malicious Software Removal Tool Download ) checks computers running Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. At the end of this column
I list 10 free removal tools for the Conficker nightmare, just for the fun of it.
This is a real life computer problem that YOU will have to be responsible for on YOUR computer. For those of you who don’t like Windows Updates, do you prefer to be a part of the Conficker destruction party? You will be very sad to be part of the Conficker botnet.
If Windows Updates mess up your computer (and I know they do.) visit your favorite computer geek and have them fix it. Keeping your computer clean is like doing something to prevent global climate change, only defeating Conficker will prevent world war III on the Internet.
ON TO SOMETHING FUN!
Let's move past Conficker and get back to something delightful and funny. I'd like you to send me your favorite YouTube videos. I'll create a column from your whims and fancies and when it's put on sanjuanislander.com you can find immense pleasure surfing the San Juans Favorite Videos!
MORE CONFLICKER REMOVAL TOOLS
Here is a comprehensive list of ten conficker removal tools (freeware):
1.Free Virus Removal Tool for W32/Conficker (aliases W32/Downadup, W32/Kido) Worm From ProtectorPlus
Free Virus Removal Tool by ProtectorPlus for W32/Conficker (aliases W32/Downadup, W32/Kido)
Worm is a small utility that will help you easily detect and remove all the variants of W32/Conficker worm from your personal computer.
2.McAfee AVERT Stinger Conficker
This is special edition of McAfee AVERT Stinger Conficker which is updated on a daily basis to include any undetected Conficker variants from the wild. Please ensure that your copy of Microsoft Windows is patched and security software is fully up to date.
3.Sophos Conficker Clean-up Tool
The Sophos Conficker cleanup utility will allow you to detect, isolate and, then, of course, remove the Conficker virus from a single workstation.
4.W32.Downadup Removal Tool From Symantec
Freeware removal tool that will scan and clean a computer infected with the W32.Downadup virus / W32.Downadup.B virus.
This tool is designed to remove the infections of W32.Downadup and W32.Downadup.B.
5.BitDefender Win32.Worm.Downadup Removal Tool
A virus removal tool that searches for Downadup service in all possible infected items.The Anti-Downadup application was designed to be a virus removal tool that searches for Downadup service in all possible infected items.
6.Conflicker worm removal too from Microsoft
This tool checks various Windows versions including Windows XP, Windows Vista, Windows 2000 and Windows Server 2003 for the infection. The tool also checks for other serious worms such as Blaster, Sasser and MyDoom. The tool reports the removal of any of these infections after it have finished running. No other interaction is required from the user, just run once and its fixed!
7.Eset Win32/Conficker Worm Removal Too v1.0
Eset Win32/Conficker Worm Removal Tool can remove Win32/Conficker.AA worm. Win32/Conficker.AA is a worm that spreads via shared folders and on removable media. It connects to remote machines in attempt to exploit the Server Service vulnerability.
Safely remove the Conficker Worm, including Conficker.A and Conficker.B variants, from your system.
8. Enigma's Conficker Removal Tool
This tool scans your entire system to detect and remove Conficker Worm from your computer without causing damage to your system files.
Special tools made by Kaspersky Lab to remove Conficker virus. This tools is the third revision from Kaspersky. This tools able to detect and remove the kido C / III version. Feature that added on this latest version are, able to detect and remove Scheduled task, and able to recover system restore.
The superiority of this tool is its ability to recover DNS Query function without restarting computer. This Tools is running at the command prompt.
Unlike the Symantec tools, this tools only scanning on a certain path that suspected of being infected by conficker, that's made the scanning time becomes faster.
10.Fix Downad (Trend Micro)
Tools made by Trend Micro to clean conficker virus, unfortunately this tools does not include a database when downloaded, so we need to download its database first. The database can be used for scanning of another virus / worm, so this tool can also clean another virus.
If other tools consist of only one file, this tool has some application file that consists of: a checking database file, check scheduled task file, checking the windows patch file, virus checks, registry checks and services checks. Even if it consists of many files, we just need to one run bat file (batch file), which will then execute the other file.
PREVENTION IN PLAIN ENGLISH, JUST ONE MORE TIME!!!!!
To prevent infection it's recommended to do the following:
* Apply the MS08-67 patch
* Disable file and print sharing
* Strengthen your password
* Turn off autorun for USB devices
* Apply a device control policy
* Finally, you should use network access control (NAC) to check that patches, anti-virus and firewall are installed, running and up-to-date.