
The Conficker Worm is Back With More Bite!

by Bill Hely

Both the technical and general press are having a lot to say at the moment about the resurgence of the Conficker worm.

Conficker (aka Kido and Downadup) first appeared in late 2008 and was designed to exploit a particular vulnerability in Windows. It spread like wildfire and has captured tens of millions of computers worldwide. Among many other tricks it can perform, Conficker can gather information from the infected PCs and relay that information back to a command centre controlled by cyber-crims. It can also make use of the infected computer by turning it into a transmitter of bulk spam.

Conficker has been modified by its creators a number of times, and currently exists in versions A, B, C and D – or A, B, B++ and C – depending on which anti-malware publisher you are reading from.

The resurgence of interest in Conficker at this time is because the worm is scheduled to start a new phase of activity on April 1.

For those who want to know the technical details, a Google search will return a lot more than you can possibly work through. In this article I’m just going to stick with the short story in (as far as possible) non-technical terms.

My goal is to get you prepared as quickly and as simply as possible.

The most important thing to know is that if you have your version of Windows fully updated with Microsoft’s patches and updates, then you cannot get infected with Conficker. This worm relies on a Windows vulnerability that was patched by Microsoft way back in October 2008. However, if you haven’t been applying Microsoft’s patches, or if you are running a pirated copy of Windows, you are wide open to infection.

Thanks to what many consider to be a self-defeating policy decision by Microsoft, pirated copies of Windows cannot be patched. So all those millions of illegal copies of Windows floating around the world are wide open to infection, and can then contribute to the general mayhem.

The next most important thing you need to know is that there are plenty of “antidotes” for Conficker. There are dedicated Conficker removal tools, and most good anti-malware software can root it out as well.

However…

And it’s a very big “however” indeed!

If your PC is already infected with Conficker you probably won’t be able to access any of the websites that provide Conficker removal tools. This is another of Conficker’s many clever tricks.

So how do you determine whether or not your PC is already infected with Conficker?

Recently I wrote an article entitled: Child Safety: How To Set Your Own Parental Controls. Even if you have no need to child-proof your personal PC, a read of that article would be well worth your while. Take particular note of the OpenDNS service that I describe, because it is very useful in other ways as well.

OpenDNS has joined forces with Kaspersky Labs to provide a service that will tell you if your PC ever tries to connect to a website that is known to be part of the Conficker network. All you have to do is subscribe to the free OpenDNS service and use their DNS server IP addresses instead of those with which your Windows is currently configured. It may sound complex, but it’s really not. Just follow the simple instructions provided on the OpenDNS website.

Once you’ve registered for a free account, and you have configured your Windows to use the OpenDNS IP addresses, all you need to do to find out if Conficker has penetrated your network is:

  • Log in to your free OpenDNS account
  • Select Stats on the left sidebar
  • Choose Blocked Domains and filter “only domains blocked as malware.”

This will generate a list of malware sites your network has attempted to connect with, if any.

If it turns out that you are infected, you’re going to need access to a clean, uninfected PC in order to download the necessary fix-it files and transport them to your PC on some form of removable media – e.g. CD or USB thumb drive (many of the available Conficker removal files are too big to fit on a floppy).

There are many websites you could go to seeking the right tools, but be warned that there are a lot of bogus “fixes” out there that will only do you more harm. One reliable site, and as good a source as any, is BDTools.net.

Act Now!

And for goodness sake get into the habit of keeping your Windows right up to date with Microsoft’s patches. Each month I warn readers of this blog when the latest batch of patches has been released.
