"Conficker" Virus Attacks Tomorrow!
It was announced back in January that a new worm by the name of "Conficker" was found infecting millions of Windows machines. This virus, which has been lying dormant on PCs everywhere, will attack tomorrow.
Pfft, I'm sure I'm not infected.
Don't be so certain. F-Secure is calling the attack's scope "amazing": the worm infected 6.5 million PCs in four days and compromised almost 9 million total computers in its first two weeks on the Internet. Such a widespread outbreak has not been seen in many years.
Really? How could I have contracted this horrible virus?
Conficker gets into your system through a bug in a service that runs on Windows Server family operating systems. This means that if you use Windows 2000, Windows XP, Windows Vista, Windows Server 2003, or Windows Server 2008, you have been vulnerable to this worm.
Microsoft did release a security patch for this exploit back in October, but some reports say that up to half of vulnerable Windows machines have not installed the latest security updates. Did you? Do you remember if you did? I do not.
Dammit. Maybe I do have it. What does this thing do?
Simply put, Conficker is a worm, and what it does is try to spread to other machines. It has a few ways of spreading to other systems, but the most powerful one does not activate until April 1st (tomorrow!). That method sidesteps many of the known security solutions and also disables Windows Automatic Update, Windows Security Center, Windows Defender, and Windows Error Reporting.
So, if you have it now, it probably tried to spread to some other machines. If you have it tomorrow, your security is screwed and you're going to be contributing to a much more massive spread than the current epidemic. It is also rumored to be able to download new malware to your system.
Whoa! How do I get rid of it?
I thought you'd never ask.
To start with, get the update from Microsoft that fixes the security hole. Otherwise, you're just going to be infected again tomorrow. In fact, everyone should make sure they have this to immunize themselves!
To actually clean the virus, use the Malicious Software Removal Tool from Microsoft, or (if you think Microsoft software is malicious enough) you can get a cleaning tool from Symantec.
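To check a machine for the tampering described above, this added example (not part of the original post) reports the startup mode and current state of the four Windows components the worm is said to disable. It assumes Windows PowerShell with Get-WmiObject; the short service names are the standard Windows ones rather than anything the post gives, and a disabled service is a reason to investigate, not proof of infection.

```powershell
# Added example: report on the Windows services the post says Conficker disables.
# Short service names are the standard Windows ones (an assumption; the post
# gives only the product names). Not every service exists on every version.
$WatchedServices = @(
    @{ Name = 'wuauserv';  Label = 'Windows Automatic Update' },
    @{ Name = 'wscsvc';    Label = 'Windows Security Center' },
    @{ Name = 'WinDefend'; Label = 'Windows Defender' },
    @{ Name = 'WerSvc';    Label = 'Windows Error Reporting (Vista/2008)' },
    @{ Name = 'ERSvc';     Label = 'Error Reporting (XP/2003)' }
)

function Get-WatchedServiceStatus {
    param([object[]]$Services = $WatchedServices)

    foreach ($svc in $Services) {
        # Win32_Service gives both the configured start mode and the live state.
        $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$($svc.Name)'"

        if (-not $wmi) {
            # Absent services are normal: each Windows version ships a subset.
            $mode = '-'; $state = '-'; $verdict = 'not installed'
        } else {
            $mode = $wmi.StartMode; $state = $wmi.State
            if ($mode -eq 'Disabled') {
                $verdict = 'INVESTIGATE: disabled'
            } elseif ($mode -eq 'Auto' -and $state -ne 'Running') {
                $verdict = 'INVESTIGATE: automatic but not running'
            } else {
                $verdict = 'ok'
            }
        }

        # New-Object keeps this usable on older Windows PowerShell versions.
        New-Object PSObject -Property @{
            Service = $svc.Label; Name = $svc.Name
            StartMode = $mode; State = $state; Verdict = $verdict
        }
    }
}

Get-WatchedServiceStatus |
    Select-Object Service, Name, StartMode, State, Verdict |
    Format-Table -AutoSize
```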
Aliases and More Information
Conficker is also known as W32/Conficker, "Downup", "Downadup", and "Kido". How do people come up with these things?
More information is available from McAfee at their Virus Alert page.

Ok, is this gonna affect Macs??
March 31st, 2009 at 8:42 PM
Nope, Macs are safe
The security exploit was Windows-only.
March 31st, 2009 at 8:47 PM
At least my Ubuntu desktop will be safe.
Is there any legitimate use of RPC, or is it there just for hacker amusement?
March 31st, 2009 at 10:32 PM
Hah, yes, there are legitimate uses of RPC. Unfortunately, they are typically rooted in developer laziness. Anything you can do with RPC, you could do with something that is worlds more secure, such as a SOA approach.
It does let people develop quickly, so I won't count out my love for hubris, but I'd be willing to bet that there are more successful RPC exploits than there are successful commercial RPC implementations.
March 31st, 2009 at 10:48 PM