How to avoid the prowling Conficker virus
Computer users beware: security experts have warned that the
deadly Internet worm Conficker C is all set to strike back on April 1.
According to Graham Cluley of security firm Sophos, Conficker C is programmed
"to hunt for new instructions on April 1".
In January, the virus had infected more than nine million computers worldwide
and was spreading at a rate of one million machines daily.
Here is what you need to know about this virus: what it does, how it spreads,
the symptoms of infection, and how to escape it.
One of the biggest viruses
The malicious software had yet to do any noticeable damage,
prompting debate as to whether it is impotent, waiting to detonate, or a test
run by cybercriminals intent on profiting from the weakness in the future.
"This is enormous; possibly the biggest virus we have ever seen,"
said software security specialist David Perry of Trend Micro. "I think the
bad guys are field testing a new technology. If Conficker proves to work well,
they could go out and sell malware to people. There is a huge market for
selling criminal malware."
How it spreads
According to security experts, Conficker's most intriguing
aspect is its multipronged attack strategy: It can spread three different ways.
One is a vulnerability in Windows that Microsoft patched almost six months ago.
The bug, which is in a file-sharing service that's included in all versions of
the operating system, can be exploited remotely just by sending a malformed
data packet to an unpatched PC.
Two, the worm can spread by password attacks, and three, by copying itself to
any removable USB-based device such as flash drives and cameras. Anti-virus
experts have warned that the worm can be easily spread between unprotected
computers through the use of removable drives, such as USB sticks.
How do I know that my PC has been hit?
Microsoft's advisory about Conficker lists several symptoms
of infection, including these:
* Account lockout policies are being tripped.
* Automatic Updates, Background Intelligent Transfer Service (BITS), Windows
Defender, and Error Reporting Services are disabled.
* Domain controllers respond slowly to client requests.
* The network is congested.
* Various security-related Web sites cannot be accessed.
If your PC is showing any of these symptoms, Microsoft recommends that you
immediately use the Malicious Software Removal Tool (MSRT) to clean the machine.
Users can download MSRT from Microsoft's site, or follow the instructions posted
at its support site.
How damaging is it?
Once in a computer it digs deep, setting up defenses that
make it hard to extract. The worm leaves the computer vulnerable to further
exploitation by hackers and spammers, who are able to remotely download more
malicious programs onto the computer, or even use the worm to help install
software that will enable them to track and steal security information, such as
banking logins or credit card information.
Malware could also be triggered to turn control of infected computers over to
hackers amassing "zombie" machines into "botnet" armies.
"Here we are with a big, big outbreak and they keep revamping their
methodology to increase the size of it," Perry said. "They could be
growing this huge botnet to slice it up and sell it on the criminal
market."
Cracks passwords
A troubling aspect of Conficker is that it harnesses the
computing power of a botnet to crack passwords. Repeated "guesses" at
passwords by a botnet have caused some computer users to be locked out of files
or machines that automatically disable access after a certain number of failed
tries.
"Conficker uses brute force from the infected network of botnets to break
the password of the machine being attacked," Perry said. "That is
something never seen before and I find it disturbing."
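The lockouts listed among the symptoms and the password guessing described above both leave a trace in authentication logs: a burst of failed logons against one account, arriving from several hosts. The following is an added example, not part of the original article; the log format, the event names `FAILED_LOGON` and `LOCKOUT`, the host names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, event, target account, source host.
SAMPLE_EVENTS = """\
2009-03-30T09:00:01 FAILED_LOGON alice HOST-17
2009-03-30T09:00:03 FAILED_LOGON alice HOST-22
2009-03-30T09:00:04 FAILED_LOGON alice HOST-17
2009-03-30T09:00:06 FAILED_LOGON alice HOST-31
2009-03-30T09:00:07 FAILED_LOGON alice HOST-22
2009-03-30T09:00:08 LOCKOUT alice DC-01
2009-03-30T09:15:00 FAILED_LOGON bob HOST-05
2009-03-30T11:40:00 FAILED_LOGON bob HOST-05
this line is malformed and is skipped
"""

def parse_events(text):
    """Return time-sorted (time, kind, account, source) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        try:
            when, kind, account, source = line.split()
            events.append((datetime.strptime(when, "%Y-%m-%dT%H:%M:%S"), kind, account, source))
        except ValueError:  # wrong field count or unparsable timestamp
            continue
    return sorted(events)

def find_password_guessing(events, window=timedelta(minutes=5), min_failures=5, min_sources=2):
    """Flag accounts hit by a burst of failed logons coming from several hosts."""
    failures, lockouts = defaultdict(list), defaultdict(list)
    for when, kind, account, source in events:
        if kind == "FAILED_LOGON":
            failures[account].append((when, source))
        elif kind == "LOCKOUT":
            lockouts[account].append(when)
    alerts = {}
    for account, hits in failures.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            burst = hits[start:end + 1]
            sources = sorted({src for _, src in burst})
            if len(burst) >= min_failures and len(sources) >= min_sources:
                locked = any(burst[0][0] <= t <= burst[-1][0] + window for t in lockouts[account])
                alerts[account] = {"failures": len(burst), "sources": sources, "locked_out": locked}
                break
    return alerts

print(find_password_guessing(parse_events(SAMPLE_EVENTS)))
```

An occasional mistyped password, such as the two widely spaced failures for `bob` in the sample, stays below the thresholds and is not flagged.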
Most vulnerable machines
According to Microsoft, unpatched Windows 2000, Windows XP
and Windows Server 2003 machines are at the greatest risk. There are also
reports from security companies, which highlight the danger to PCs running
Windows XP Service Pack 2 and XP Service Pack 3. Incidentally, these versions
account for the bulk of Windows' market share.
Unpatched Windows Vista and Server 2008 systems are less likely to fall victim
to these attacks, since hackers need to authenticate access to the computer, in
other words, know the log-in username and password.
How to escape the worm
Microsoft advises people to stay current on anti-virus tools
and Windows updates, and to protect computers and files with strong passwords.
Microsoft issued a new series of security patches to try and help computer
users defend their machines against the worm.
Security experts urge people to harden passwords by mixing in numbers,
punctuation marks, and upper-case letters. Doing so makes it millions of times
harder for passwords to be deduced.
"This is necessary in a world where malware hacks passwords," Perry
said. "Go get a notebook, keep it next to your computer and record your
password in it. No hacker in the world can hack the written page locked away in
your office."
'Solution promised'
As antivirus companies worldwide scramble to erect defences
against the Conficker C worm, an Indian company has successfully found a way to
beat the computer worm. MicroWorld Technologies' security solution claims to
not only detect, but also eliminate Conficker C and block any further attempts
by the worm to reinstall itself on the system.
Govind Rammurthy, CEO & MD, MicroWorld Technologies, said, "A
three-pronged strategy is needed to tackle Conficker C: an updated antivirus
software, firewall protection on each and every computer in the network and the
latest Microsoft patches."
MicroWorld's recently launched eScan version 10 software also incorporates
daily updates against the Conficker virus, which the company built after buyers
of previous versions complained of Conficker attacks.
"Most companies don't treat antivirus updates seriously. That, and having
a common firewall for the entire network, leaves them vulnerable to
attacks," Rammurthy says. Because the Conficker worm downloads fresh
versions of itself on an hourly basis, eScan 10 is updated 8-9 times daily. It
also provides each computer with its own firewall, thus screening every
piece of software that seeks access to the computer, and automatically
downloads key patches released by Microsoft.