Is the Internet coming to an end on April 1? Will your computer crash and burn if you are online on that day?
The answer to both questions is NO.
Has there been a lot of hype about Conficker and April 1? Yes, there has and it will likely continue. Earlier this week I added to the Conficker hype in Time is of the essence. Why am I concerned about the health of your computer? Consider the known capabilities of the current Conficker variants, as described at Security Focus,
". . . the worm program blocks security software, distributes code by creating a peer-to-peer network, and attempts to prevent anyone but the authors from updating its code by authenticating updates using a hash algorithm — known as MD6 — that is only a few months old. The collection of those capabilities worried the researchers."
With that in mind, there is reason to worry if you or your friends have file sharing turned on, use P2P (Peer to Peer) programs, or share information via USB (thumb) drives.
Let's start with file sharing
If you have file-sharing turned on and become infected, the Conficker worm could allow remote code execution. In other words, the worm would take control of your computer. Microsoft KB Article 307874 includes instructions for turning off file sharing. Also available is a Microsoft Fix it to make the change for you.
Disable Autorun
USB/thumb drives use autorun to load files when the drives are plugged into the USB port. To prevent malware from spreading to your computer, disable autorun. The How-to Geek has simple instructions for disabling autorun on both Windows XP and Windows Vista:
This from Microsoft: How to disable the Autorun functionality in Windows
Another reason to be concerned is the state of security protection.
Check Security Updates
Although it is recommended that all security updates be installed on your computer, at a minimum, ensure that "Security Update for Microsoft Windows (KB95688)" is installed:
- Windows XP: Start > Windows Update > Other options > View installation history
- Windows Vista: Programs > Programs and Features > Installed Updates
Firewall
Surprisingly, there are still too many people on the internet without a software firewall. If this is true for your computer, at a minimum, activate the Windows Firewall. For help with this, go to How can I turn on or turn off the firewall in Windows XP Service Pack 2 or later versions?
Antivirus Software
Both Avast! and Avira AntiVir are free for personal use. If you do not have antivirus software, install one now.
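The checks from the sections above (file sharing, Autorun, the security update and the firewall) can be verified in one read-only pass. This PowerShell script is an added example, not part of the original post; it assumes Windows PowerShell 2.0 or later, uses the update ID as the post writes it, and its helper names are illustrative.

```powershell
# Added example, not from the original post: read-only audit of the checks above.
# Assumptions: Windows PowerShell 2.0 or later; Get-RegValue and New-Check are
# helpers defined here; $UpdateId is the ID exactly as the post writes it, so
# confirm it against the Microsoft bulletin for your Windows version.
$UpdateId = 'KB95688'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns nothing ($null) when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}
function New-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Name; Pass = $Pass; Detail = $Detail }
}
$checks = @()

# File sharing: shares are only reachable while the Server service is running.
$srv = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
$sharingOff = (-not $srv) -or ($srv.Status -ne 'Running')
$checks += New-Check 'File sharing off' $sharingOff "Server service: $($srv.Status)"

# Autorun: a machine-wide (HKLM) value takes precedence over the per-user one.
$autorun = $null
foreach ($hive in 'HKLM:', 'HKCU:') {
    $v = Get-RegValue "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" 'NoDriveTypeAutoRun'
    if ($v -is [byte[]]) { $v = $v[0] }   # value may be stored as REG_BINARY
    if ($null -ne $v) { $autorun = [int]$v; break }
}
$autorunOff = ($null -ne $autorun) -and (($autorun -band 0xFF) -eq 0xFF)   # 0xFF = every drive type
$checks += New-Check 'Autorun disabled' $autorunOff "NoDriveTypeAutoRun: $autorun"

# Security update: Get-HotFix lists the updates Windows reports as installed.
$hf = Get-HotFix -Id $UpdateId -ErrorAction SilentlyContinue
$checks += New-Check "Update $UpdateId installed" ([bool]$hf) "Installed on: $($hf.InstalledOn)"

# Firewall: every profile key that exists must have EnableFirewall = 1.
# This reads the local setting only; a Group Policy value can override it.
$fwRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$fwOff = @('DomainProfile', 'StandardProfile', 'PublicProfile' | Where-Object {
    (Test-Path "$fwRoot\$_") -and ((Get-RegValue "$fwRoot\$_" 'EnableFirewall') -ne 1) })
$checks += New-Check 'Windows Firewall on' ($fwOff.Count -eq 0) "Profiles off: $($fwOff -join ', ')"

$checks | Select-Object Check, Pass, Detail | Format-Table -AutoSize
```

A `False` in the Pass column points back to the section above that describes the corresponding fix.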
Pay It Forward
Conficker has affected the operation of hospitals, military, large corporate systems, and even the House of Commons. (There is a long list of articles below from The Register if you are interested in the extent of the impact of the various variants of this worm.) New readers of Security Garden may not be familiar with "Pay It Forward":
"3 people helped each day, ‘paid forward’ by each person helps 4.7M people in two weeks."
If each Security Garden reader checks with one or two of their friends and they in turn check with their friends, to make sure the computer(s) in their home have file sharing disabled, are updated, have a firewall and up-to-date antivirus software, worms like Conficker will have less of a chance of spreading.
Whether it is the best or worst case scenario as depicted at Security Focus, don't let your friends be part of this:
"'In the best case, Conficker may be used as a sustained and profitable platform for massive Internet fraud and theft,' wrote Phillip Porras, Hassen Saidi and Vinod Yegneswaran, all of SRI International. 'In the worst case, Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt, not just countries, but the Internet itself.'"
Help from Microsoft:
- Computer Worms - Conficker
- How can I turn on or turn off the firewall in Windows XP Service Pack 2 or later versions?
- How to disable the Autorun functionality in Windows
- How to disable simple file sharing and how to set permissions on a shared folder in Windows XP
References:
- Conficker's capabilities worry researchers
- Don’t get taken in by the Conficker panic
- Is Conficker overhyped?
- Leaked memo says Conficker pwns Parliament
- Overflow
- Questions and Answers: Conficker and April 1st
- Leaked memo says Conficker pwns Parliament (27 March 2009)
- Final countdown to Conficker 'activation' begins (26 March 2009)
- Scottish hospitals laid low by malware infection (9 March 2009)
- Conficker gets upgraded with defenses (7 March 2009)
- Conficker call-backs threaten to swamp legit domains (2 March 2009)
- Conficker variant dispenses with need to phone home (23 February 2009)
- MS puts up $250K bounty for Conficker author (12 February 2009)
- Houston justice system laid low by Conficker worm (9 February 2009)
- Conficker botnet growth slows at 10m infections (26 January 2009)
- Countdown to Conficker activation begins (23 January 2009)
- Conficker Autoplay ruse gets teeth into Windows 7 (20 January 2009)
- Conficker seizes city's hospital network (20 January 2009)
- MoD networks still malware-plagued after two weeks (20 January 2009)
- Three in 10 Windows PCs still vulnerable to Conficker exploit (19 January 2009)
- Superworm seizes 9m PCs, 'stunned' researchers say (16 January 2009)
- Prolific worm infects 3.5m Windows PCs (15 January 2009)
- Selfish worm targets month-old Windows flaw (26 November 2008)
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Wow. Thanks Corrine. You helped me before on the freedomlist board, so I've been following your blog and taking your advice.
It hasn't been a good few months for security (At least not for me), hopefully this will help, and I'm planning to send it to my friends as well.
Have you heard anything about scanner . avbest . info? (without spaces) Apparently a lot of people (myself included) got their browsers hijacked and forced to download something from it yesterday. I unplugged my computer from the net when it wouldn't go away, and the antivirus didn't find anything, but I am scanning with MBAM today to see if anything was compromised.
Thanks again,
Phill
Hi, Phill. You are welcome.
There isn't much (in English) showing up on a search for avbest. If you are having security issues with your computer after the MBAM scan, why not create a new topic at FL and post a HJT log. Include the results from the MBAM scan.
Nothing came up with the MBAM scan, so I guess I stopped it from downloading anything. Thank you for offering to help again! :)
Well all I'm gonna say is thanx for not only the entire info provided (with sufficient details)
but more importantly for how to deal in case any security lapses were pre-existent.
Your efforts are really commendable.
Just minutes before now I removed an infection from my system with someone else's help just like yours. The only difference being, "Prevention is better than cure."
Hope you got the point.
Anyways thanks so much. May I request you to keep up the good work.
Ironically, even if someone used Conficker to steal my credit card info, there wouldn't be any credit there for them to exploit or spend
This is all real nice, but exactly where is this file located in the xp system? And maybe even the file names that are suspect.. just asking, so I can go in and get them out. Let's make this easy.
Very useful and interesting information.