Jan 17

Written by:
2009/01/17 10:00 AM 

Businesses worldwide are under attack from a highly infectious computer worm that has infected almost 9 million PCs, according to anti-virus company F-Secure.

“This malware mostly spreads within corporations but also was reported by several hundred home users. It opens a random port between port 1024 and 10000 and acts like a web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll. It is also interesting to note that the worm patches the vulnerable API in memory so the machine will not be vulnerable anymore. It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too.”

Since this could be anything from a password stealer to remote control software, a Conflicker-infected PC is basically under the complete control of its attackers.

The Conficker Worm spreads in three basic ways:

1. It attacks a vulnerability in the Microsoft Server service. If your computers does not have the October patch it can be remotely attacked and taken over.
2. Conficker tries to guess or 'brute force' Administrator passwords.
3. The Conficker Worm infects removable devices and network shares with an autorun file This then executes as soon as a USB drive or other infected device is connected to a victims PC.

How do I protect myself against such worms and viruses?

Firstly, most of these virus are more dangerous too and are prone to attack business networks. They rely on the vast matrix of connectivity to spread to machine after machine. Because the bigger corporations have a lot of red tape when it comes to updates of their software. They are at greater risk. Once a PC on the network is infected, it often has open access to spread to other PC's on the network.

Home based PC's on the other hand are most likely protected by some sort of firewall. They are also generally most likely to be updated often, as most users allow Microsoft's and other vendors, like anti-virus software  updates to run automatically in the background. So most recent updates are most likely to have been installed. If not, make sure you have all the latest updates and patches.

Make sure that your updated anti-virus is actually running. Many gamers turn off their anti-virus to get more speed out of their machines. But often forget to turn it back on when done. This is also a huge vulnerability, as many gamers would be connected via LAN. With anti-virus and firewalls disabled. With the unknown security status of other machines on the LAN. This then becomes a prime breading ground for such viruses and worms.

Turn off  or disable "Autorun" so that a PC won't suffer automatic attack from an infected USB drive or other removable media when it's connected.

Oh, and make sure you run a quick scan right now, just to be sure. If you have already done that, do it again. Like the Irish say, to be sure to be sure.

Have you or you company been infected by the Conficker Worm? What other viruses or worms have been a real problem for you in the past?

Drop us a note and let us know.

 

blog comments powered by Disqus