Conficker is a computer worm developed by malware authors to infect Windows computers that have the MS08-067 vulnerability and to spread the infection to other vulnerable Windows computers connected to the network without any human intervention. It is also called Downadup. It has affected millions of Windows systems and has generated a botnet-like infrastructure.
How Does the Conficker Virus Work to Infect Computers?
A new worm called Conficker is doing the rounds and has recently attacked countless Windows computers. The spread of infection is going from bad to worse and is beyond control, according to reports from a security vendor. Detections of the Conficker worm are up by more than 225% since the end of 2008. So it is important to check whether your Windows computer is infected by the worm.
The malware authors schedule and direct the worm to infect computers and to perform malicious activities on April 1. According to some security experts, certain parts of the malicious botnet are leased to cyber criminals, who use them for spam, phishing exploits, identity theft or other malicious activities.
Like any other malware, Conficker combines different features and techniques.
5 Easy Steps to Ensure Protection from Conficker Attack
- Install the update for Microsoft Security Bulletin MS08-067
- Block Windows LAN service ports when not required
- Implement a strong password policy
- De-activate auto-run
- Install an effective anti-virus which is configured the right way
Microsoft Security Bulletin MS08-067
Microsoft has published a security bulletin about a vulnerability that can be exploited, and all users should take steps to stay protected against the Conficker worm. Systems connected over the same network should be kept updated with the latest patches released by Microsoft. The employees of an organization should be instructed to update their systems. A system can be infected when it is accessible on port 445/tcp. This port is mostly used to support Windows LAN services like NetBIOS. These ports must be blocked at the network border, both inbound and outbound. If a particular set of hosts needs to access these ports over the internet, those hosts can be given permission to access the required ports. Patching the software with the latest updates and firewalling are not enough to protect the network completely. Other security techniques and approaches are required to give complete protection against a Conficker attack.
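The border policy described above (445/tcp closed inbound and outbound, with exceptions only for specific hosts) can be checked mechanically against a rule list. The following Python audit is an added example, not part of the original article; the rule format, the first-match evaluation order, the IPv4-only scope and all addresses are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Hypothetical rule format: action, direction, protocol, port (0 = any), internal hosts (CIDR).
Rule = namedtuple("Rule", "action direction proto port hosts")

# Constructed sample border policy, evaluated top to bottom (first match wins).
SAMPLE_RULES = [
    Rule("allow", "in", "tcp", 445, "10.0.5.20/32"),  # approved exception host
    Rule("deny", "in", "tcp", 445, "0.0.0.0/0"),
    Rule("allow", "out", "any", 0, "0.0.0.0/0"),      # broad allow shadows the deny below
    Rule("deny", "out", "tcp", 445, "0.0.0.0/0"),
]
# Hosts that are permitted to use 445/tcp across the border, per direction.
APPROVED = {"in": ["10.0.5.20/32"], "out": []}

def covers_445(rule):
    """True if the rule applies to TCP port 445, explicitly or through a wildcard."""
    return rule.proto in ("tcp", "any") and rule.port in (445, 0)

def audit(rules, approved):
    """Return (direction, rule_index_or_None, message) for each policy gap."""
    findings = []
    for direction in ("in", "out"):
        ok_nets = [ipaddress.ip_network(n) for n in approved[direction]]
        blocked = False
        for idx, rule in enumerate(rules):
            if rule.direction != direction or not covers_445(rule):
                continue
            net = ipaddress.ip_network(rule.hosts)
            if rule.action == "deny":
                if net.prefixlen == 0:
                    blocked = True   # catch-all deny reached; later rules never match
                    break
                continue
            if not any(net.subnet_of(ok) for ok in ok_nets):
                findings.append((direction, idx,
                                 f"allow for {rule.hosts} exposes 445/tcp without approval"))
            if net.prefixlen == 0:
                break                # catch-all allow: nothing below is evaluated
        if not blocked:
            findings.append((direction, None, "445/tcp never reaches a catch-all deny"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, APPROVED):
        print(finding)
```

On the sample policy the audit reports the outbound wildcard allow, which lets 445/tcp leave the network even though a deny rule for it exists further down the list.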
Auto-Run, And Tricking Users into Running the Worm
The Conficker worm copies itself onto accessible USB drives. When such a drive is plugged into an unprotected system, the system auto-runs the worm and becomes infected. Users can protect their systems from infection by disabling auto-run and by turning on on-access scanning of USB drives as a default scanning process.
It is important to use a strict password policy that requires complex combinations of numbers, letters and special characters. Installing antivirus software with the right configuration is an added advantage in protecting the system from a noxious worm like Conficker.