Is the Internet coming to the end on April 1? Will your computer crash and burn if you are online on that day?
The answer to both questions is NO.
Has there been a lot of hype about Conficker and April 1? Yes, there has and it will likely continue. Earlier this week I added to the Conficker hype in Time is of the essence. Why am I concerned about the health of your computer? Consider the known capabilities of the current Conficker variants, as described at Security Focus,
". . . the worm program blocks security software, distributes code by creating a peer-to-peer network, and attempts to prevent anyone but the authors from updating its code by authenticating updates using a hash algorithm — known as MD6 — that is only a few months old. The collection of those capabilities worried the researchers."With that in mind, there is reason to worry if you or your friends have file sharing turned on, use P2P (Peer to Peer) programs, or share information via USB (thumb) drives.
Let's start with file sharing
If you have file-sharing turned on and become infected, the Conficker worm could allow remote code execution. In other words, the worm would take control of your computer. Microsoft KB Article 307874 includes instructions for turning off file sharing. Also available is a Microsoft Fix it to make the change for you.
USB/thumb drives use autorun to load files when the drives are plugged into the USB port. To prevent malware from spreading to your computer, disable autorun. The How-to Geek has simple instructions for disabling autorun on both Windows XP and Windows Vista:
How to disable the Autorun functionality in Windows
Other reasons to be concerned is the state of security protection.
Check Security Updates
Although it is recommended that all security updates be installed on your computer, at a minimum, ensure that "Security Update for Microsoft Windows (KB95688)" is installed:
- Windows XP: Start > Windows Update > Other options > View installation history
- Windows Vista: Programs > Programs and Features > Installed Updates
Surprisingly, there are still too many people on the internet without a software firewall. If this is true for your computer, at a minimum, activate the Windows Firewall. For help with this, go to How can I turn on or turn off the firewall in Windows XP Service Pack 2 or later versions?
Both Avast! and Avira AntiVir are free for personal use. If you do not have an antivirus software, install one now.
Pay It Forward
Conficker has affected the operation of hospitals, military, large corporate systems, and even the House of Commons. (There is a long list of articles below from The Register if you are interested in the extent of the impact of the various variants of this worm.) New readers of Security Garden may not be familiar with "Pay It Forward:
"3 people helped each day, ‘paid forward’ by each person helps 4.7M people in two weeks."If each Security Garden reader checks with one or two of their friends and they in turn check with their friends, to make sure the computer(s) in their home have file sharing disabled, are updated, have a firewall and up to date antivirus software, worms like Conficker will have less of a chance of spreading.
Whether it is the best or worst case scenario as depicted at Security Focus, don't let your friends be part of this:
Help from Microsoft:
" 'In the best case, Conficker may be used as a sustained and profitable platform for massive Internet fraud and theft," wrote Phillip Porras, Hassen Saidi and Vinod Yegneswaran, all of SRI International. "In the worst case, Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt, not just countries, but the Internet itself.' "
- Computer Worms - Conficker
- How can I turn on or turn off the firewall in Windows XP Service Pack 2 or later versions?
- How to disable the Autorun functionality in Windows
- How to disable simple file sharing and how to set permissions on a shared folder in Windows XP
- Conficker's capabilities worry researchers
- Don’t get taken in by the Conficker panic
- Is Conficker overhyped?
- Leaked memo says Conficker pwns Parliament
- Questions and Answers: Conficker and April 1st
- Leaked memo says Conficker pwns Parliament (27 March 2009)
- Final countdown to Conficker 'activation' begins (26 March 2009)
- Scottish hospitals laid low by malware infection (9 March 2009)
- Conficker gets upgraded with defenses (7 March 2009)
- Conficker call-backs threaten to swamp legit domains (2 March 2009)
- Conficker variant dispenses with need to phone home (23 February 2009)
- MS puts up $250K bounty for Conficker author (12 February 2009)
- Houston justice system laid low by Conficker worm (9 February 2009)
- Conficker botnet growth slows at 10m infections (26 January 2009)
- Countdown to Conficker activation begins (23 January 2009)
- Conficker Autoplay ruse gets teeth into Windows 7 (20 January 2009)
- Conficker seizes city's hospital network (20 January 2009)
- MoD networks still malware-plagued after two weeks (20 January 2009)
- Three in 10 Windows PCs still vulnerable to Conficker exploit (19 January 2009)
- Superworm seizes 9m PCs, 'stunned' researchers say (16 January 2009)
- Prolific worm infects 3.5m Windows PCs (15 January 2009)
- Selfish worm targets month-old Windows flaw (26 November 2008)
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...