How to
detect Conficker PC virus
Researchers have discovered the first easy way to detect the
presence of the Conficker computer worm on networked computers, just
days before the worm is scheduled to morph into a new form
that could seriously compromise millions of computers, PC magazine reported.
Approximately 10 million computers are believed to be infected by the Conficker virus, which is programmed to contact its creators April 1 and receive new instructions that could create a massive spam-spewing botnet, or other actions that could compromise millions more machines.
The deadline has prompted fears of a Y2K-like occurrence, though most experts say that similar to the meltdown fears at the turn of the century, Conficker's April 1 deadline will hardly be noticed by most computer users.
The virus can infect PC's running Microsoft's Windows operating system, but Microsoft issued a patch to fix the vulnerability last October.
However millions of computers that are running pirated versions of Windows are unpatched. Computers on corporate networks are also thought to be vulnerable, because of the difficulties faced by system administrators in identifying and neutralizing the Conficker worm.
|
|
Approximately 10 million computers are believed to be infected by the Conficker virus, which is programmed to contact its creators April 1 and receive new instructions that could create a massive spam-spewing botnet, or other actions that could compromise millions more machines.
The deadline has prompted fears of a Y2K-like occurrence, though most experts say that similar to the meltdown fears at the turn of the century, Conficker's April 1 deadline will hardly be noticed by most computer users.
The virus can infect PC's running Microsoft's Windows operating system, but Microsoft issued a patch to fix the vulnerability last October.
However millions of computers that are running pirated versions of Windows are unpatched. Computers on corporate networks are also thought to be vulnerable, because of the difficulties faced by system administrators in identifying and neutralizing the Conficker worm.
KAWAL YOUR TECH GURU - INFOTECH
Get the latest update for your P.C, Tips & Advice for better P.C, Safety Advices and Much much more.
According to PC magazine, researchers have now found a way to identify infected
computers on the network. The technique works by identifying unusual error
messages that are generated when infected computers are contacted over a
network.
The report said that major enterprise security software systems such as those from McAfee and nCircle have been updated with the new information.
The report said that major enterprise security software systems such as those from McAfee and nCircle have been updated with the new information.
Fearing Conficker? Here's what to do
The Conficker worm, a nasty computer infection that has poisoned millions of PCs, will start ramping up its efforts on Wednesday to use those machines for cybercrimes.
It's unclear whether everyday PC users will even notice, but this is as good an excuse as any to make sure your computer is clean.
There are some easy ways to figure out whether a computer has the Conficker worm, and free tools available for getting rid of it.
How it spreads
One scary thing about Conficker is that it spreads without human involvement, moving from PC to PC by exploiting a security hole in Microsoft Corp's Windows operating system.
The hole was fixed in October, but if your computer doesn't get automatic updates from Microsoft, you could be vulnerable.
Disables anti-virus sites
Lots of computer worms disable antivirus software outright, which can be a tip-off that something is wrong. But Conficker doesn't do that.
Instead, Conficker blocks infected PCs from accessing the antivirus vendors' and Microsoft's websites, so victims won't get automatic updates and can't download the Conficker removal tools that those companies have developed.
Tracing Conficker
So see what websites you can visit. If you can navigate the Internet freely except for sites owned by Microsoft or antivirus vendors such as Symantec Corp, McAfee Inc or F-Secure Corp, your PC might have Conficker or a similar bug.
Free removal tools
Fixing the problem gets a little trickier. The best remedy is to have a friend -- whose computer is not infected -- download a removal tool from Microsoft or one of the antivirus vendors. Then that person should email the tool to you.
A list of the free Conficker removal programs is available on the website of the Conficker Working Group, an alliance of companies fighting the worm. The removal programs will take care of themselves, for the most part, scanning your system and purging the worm.
A must do: Change file name
One thing to note: Conficker blocks infected machines from running removal tools with "Conficker" in the name. So users might have to change the name of the file (one you've saved the tool to your desktop, right-click on it and select ``rename'') before running it.
The program's instructions will let you know if you need to do this. Many antivirus vendors have already changed the names in their removal tools -- in some cases calling the file a misspelled variant of "Conficker" -- to trick the worm into letting the program run.
Beware, evades detection!
Businesses have a bigger challenge, because Conficker has yet another method for evading detection. Once the worm is inside a machine, it applies its own version of the Microsoft patch that fixes the vulnerability Conficker exploited in the first place.
So a business running a standard network scan, looking for unpatched machines, might come up empty-handed, even though some computers on the network are infected.
The scans need to take a deeper dive into the machines on the network, something an antivirus vendor's service should enable
The Conficker worm, a nasty computer infection that has poisoned millions of PCs, will start ramping up its efforts on Wednesday to use those machines for cybercrimes.
It's unclear whether everyday PC users will even notice, but this is as good an excuse as any to make sure your computer is clean.
There are some easy ways to figure out whether a computer has the Conficker worm, and free tools available for getting rid of it.
How it spreads
One scary thing about Conficker is that it spreads without human involvement, moving from PC to PC by exploiting a security hole in Microsoft Corp's Windows operating system.
The hole was fixed in October, but if your computer doesn't get automatic updates from Microsoft, you could be vulnerable.
Disables anti-virus sites
Lots of computer worms disable antivirus software outright, which can be a tip-off that something is wrong. But Conficker doesn't do that.
Instead, Conficker blocks infected PCs from accessing the antivirus vendors' and Microsoft's websites, so victims won't get automatic updates and can't download the Conficker removal tools that those companies have developed.
Tracing Conficker
So see what websites you can visit. If you can navigate the Internet freely except for sites owned by Microsoft or antivirus vendors such as Symantec Corp, McAfee Inc or F-Secure Corp, your PC might have Conficker or a similar bug.
Free removal tools
Fixing the problem gets a little trickier. The best remedy is to have a friend -- whose computer is not infected -- download a removal tool from Microsoft or one of the antivirus vendors. Then that person should email the tool to you.
A list of the free Conficker removal programs is available on the website of the Conficker Working Group, an alliance of companies fighting the worm. The removal programs will take care of themselves, for the most part, scanning your system and purging the worm.
A must do: Change file name
One thing to note: Conficker blocks infected machines from running removal tools with "Conficker" in the name. So users might have to change the name of the file (one you've saved the tool to your desktop, right-click on it and select ``rename'') before running it.
The program's instructions will let you know if you need to do this. Many antivirus vendors have already changed the names in their removal tools -- in some cases calling the file a misspelled variant of "Conficker" -- to trick the worm into letting the program run.
Beware, evades detection!
Businesses have a bigger challenge, because Conficker has yet another method for evading detection. Once the worm is inside a machine, it applies its own version of the Microsoft patch that fixes the vulnerability Conficker exploited in the first place.
So a business running a standard network scan, looking for unpatched machines, might come up empty-handed, even though some computers on the network are infected.
The scans need to take a deeper dive into the machines on the network, something an antivirus vendor's service should enable