14.4.09

Conficker has got a bag full of wonders

Now, first of all, what is this Conficker?
Conficker is a worm that specifically targets Windows users (another reason why you should switch to Linux). It spreads by exploiting a vulnerability in the network stack implementation of Windows operating systems ranging from XP to the newly launched Windows 7 beta. It is also known as downup and downadup. It is so good (or bad) that leading antivirus companies have formed teams to see if they can find some cure for it.

What does it do?
Researchers are still working to find all its "features", but here are a few of the most important:
  • Disables access to all antivirus sites.
  • Disables Windows Update.
  • Causes congestion in LANs.
  • Disables Microsoft services like BITS and error reporting.
  • Researchers have just recently found that it also installs fake antivirus software for just $50.

How does it propagate?
After infecting a PC using the vulnerability mentioned above, it attaches itself to system startup. Then the worm (one of its variants, to be specific) generates a list of 250 domain names across five top-level domains and tries to connect to those hosts to check for any available "updates" (cool, innit?). Its different variants use different numbers of hosts and TLDs.
Some of its variants attach themselves to removable media so as to infect new machines. The worm is spreading so fast that right now there are around 10 million computers infected with it.

How to find out if you are infected?
Just check if your PC shows any of the above symptoms. For example, if you can connect to antivirus sites using proxies but are unable to do so directly, then you are infected.
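
A network-side complement to the symptom check, based on the domain list described under propagation: the Python sketch below (an added example, not part of the original post and not the worm's own algorithm) flags clients whose failed DNS lookups look like a sweep of generated names. The log tuple format, thresholds, IP addresses and TLD list are assumptions, it assumes most generated names do not resolve, and the sample records are constructed.

```python
import math
import random
from collections import Counter, defaultdict

def label_entropy(label):
    """Shannon entropy of a DNS label, in bits per character."""
    total = len(label)
    return -sum(n / total * math.log2(n / total) for n in Counter(label).values())

def find_dga_like_clients(records, min_names=100, max_tlds=8, min_entropy=2.5):
    """records: (client_ip, qname, rcode) tuples covering one day (assumed format).
    Returns {client: (distinct_failed_names, tld_count)} for suspicious clients."""
    failed = defaultdict(set)
    for client, qname, rcode in records:
        labels = qname.lower().rstrip(".").split(".")
        # Heuristic: only failed lookups of names registered directly under a TLD.
        if rcode != "NXDOMAIN" or len(labels) != 2 or not labels[0]:
            continue
        if label_entropy(labels[0]) >= min_entropy:  # random-looking label
            failed[client].add((labels[0], labels[1]))
    hits = {}
    for client, names in failed.items():
        tlds = {tld for _, tld in names}
        # Many distinct failures concentrated in a handful of TLDs.
        if len(names) >= min_names and len(tlds) <= max_tlds:
            hits[client] = (len(names), len(tlds))
    return hits

def constructed_sample(seed=1):
    """Constructed test input: not real traffic, not the worm's algorithm."""
    rng = random.Random(seed)
    tlds = ["com", "net", "org", "info", "biz"]  # assumed stand-in TLDs
    records, seen = [], set()
    while len(seen) < 250:  # 250 names across five TLDs, as in the post
        label = "".join(rng.sample("abcdefghijklmnopqrstuvwxyz", 8))
        if label not in seen:
            seen.add(label)
            records.append(("10.0.0.23", f"{label}.{tlds[len(seen) % 5]}", "NXDOMAIN"))
    # An ordinary client: one good lookup and one mistyped name.
    records.append(("10.0.0.7", "example.com", "NOERROR"))
    records.append(("10.0.0.7", "exmaple.com", "NXDOMAIN"))
    return records

if __name__ == "__main__":
    for client, (names, tlds) in find_dga_like_clients(constructed_sample()).items():
        print(f"{client}: {names} distinct failed names across {tlds} TLDs")
```

Tune `min_names` and `max_tlds` against your resolver's normal failure rate before alerting on the result.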

How to remove it?
The worm disables System Restore, so it is of no use. It also terminates antivirus-related processes, so that option gets eliminated as well. Use updated versions of Bitdefender or McAfee to remove this worm. Also download and install the emergency patch issued by Microsoft from here. Another suggestion is to disable the AutoRun option. Another (really important) suggestion is to turn off the administrative shares. The worm can remotely execute on your PC if these shares are enabled.

PS: Microsoft is offering $250,000 if you can only find out who released this worm. Well..........

PPS: If you want computer security products for free, then check this out.
