In the midst of concerns about the possiblity of the Conficker worm spreading over networks today, McAfee has prepared a set of guidelines for PC-users to take proactive steps against becoming victims of the infection. The security technology company has also provided detection and removals tools on its website. Here are some basic steps on how to detect a Conficker infection and what one can do to prevent or remove the worm. Also included are additional tips and links to removal tools provided by other anti-virus software providers.
The Conficker worm (also known as Downup/Downadup/Kido) takes advantage of a security flaw in Microsoft's Windows operating system to spread itself. Microsoft provided an emergency fix for this vulnerability last October (Security Update MS08-067). Many systems remained unpatched or were not well protected with adequate security software. According to estimates provided to McAfee, Conficker has been managed to extend its footprint by infecting as many as 12 million Windows computers.
There are have been reports that a variant of the worm, Conficker.C, may activate on April 1 and begin another round of infections on Windows computers. Taking advantage of the vulnerability, infected computers can be controlled remotely and made to launch attacks on Web sites, distribute spam, or host phishing Web sites. Just like any other worm infection, Conficker is not easily detected and also disables security software.
Symptoms of a Conficker Infection
- Access to security-related sites is blocked - Users are locked out of the directory - Traffic is sent through port 445 on non-Directory Service (DS) servers - Access to admininistrator shared drives is denied - Autorun.inf files are placed in the recycled directory, or Recycle Bin
Detect, Remove and Prevent Infection - It is imperative to install Microsoft's patch which is available on the Security Update MS08-67 page -- this will prevent the worm from reinstalling itself. Install this patch on Windows-based computers in the network.
- Symantec recommends users to turn off 'autorun' so as to prevent the infected file from executing. This will reduce the possibility of getting infected by flash drives. Symantec's removal tool is available on their Removal Tools page. F-Secure provides a detailed report on the infection and a tool for removing Conficker. Sophos has also created a removal tool on its website.
- Microworld recommends that administrators apply password policies in network groups to mitigate infections caused by Conficker/Downadup. Users can also try the Microworld Free AntiVirus Toolkit Utility (MWAV) to scan for viruses and infections. The utility includes the ability to detect and remove the Conficker worm. If a user's PC is already infected, download the utility to an uninfected flash drive and run the tool on the computer. This utility does not need to be installed, it will directly run on the computer.
- If access to security-related sites is blocked, users must search download McAfee's 'Avert stinger' tool for removing Conficker from an uninfected computer and save it on a USB pen drive. The Avert stinger tool is available for download at http://www.mcafee.com/us/threat_center/conficker.html
- Install an up to date anti-malware solution is also recommended to detect any future infections.
In continuation to Part 2 of this series "How to Take Your Biz Online and Beyond", Abhishek M. Gupta, VP (Technology) of Lime Spot Technology, in Part 3, discusses how to increase traffic by by "affiliate marketing". Read on...
del.icio.us
Digg.com
MyWeb
Newsvine.com
