They promised April 1 mayhem, but nothing happened. Those of us who were really happy about that should probably be a little less smug now, because there is information that Conficker may have woken up and is getting updates from its masters. It isn't currently known what the payload being delivered to the variants contains.
This is how the worm works:
The worm first exploits a vulnerability that Microsoft patched in October 2008 to get into a computer. It then spreads through networked computers by exploiting poor passwords (using the ADMIN$ share) and through removable disks (USB drives) using the autoplay function. Once it has infected a computer, it generally lies low, disables your Windows Update and antivirus update functionality, and then does something no other worm has been known to do: it waits for a command from whoever is controlling it.
What can you do to see if you have this worm and how can you prevent this worm from spreading?
There are a few things you can do:
- Make sure your computer has the latest security patches.
- Make sure there aren't any open shares on your computer.
- Make sure that autoplay is disabled on your computer.
- Use OpenDNS to prevent the worm from talking to its perpetrators.
- Ensure you have a strong password policy.
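A read-only way to check several of these items on one Windows machine, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and English-language `net accounts` output; the function names are hypothetical.

```powershell
# Added example: read-only audit of the checklist above (PowerShell 3.0+).
# All function names are hypothetical; nothing on the host is changed.

function Test-AutoplayDisabled {
    # NoDriveTypeAutoRun = 0xFF turns AutoRun off for every drive type.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $p = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.NoDriveTypeAutoRun -eq 0xFF)
}

function Get-DiskShare {
    # Type 0 = ordinary disk share; 2147483648 = administrative disk share (ADMIN$, C$).
    Get-CimInstance -ClassName Win32_Share |
        Where-Object { $_.Type -eq 0 -or $_.Type -eq 2147483648 } |
        Select-Object Name, Path, @{ n = 'Administrative'; e = { $_.Type -ne 0 } }
}

function Get-UpdateServiceState {
    # The post notes the worm disables Windows Update; a Disabled start mode deserves a look.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'" |
        Select-Object Name, StartMode, State
}

function Get-LastHotFixDate {
    # Date of the newest installed update; an old date suggests patching has stalled.
    Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn |
        Select-Object -Last 1 -ExpandProperty InstalledOn
}

function Get-PasswordPolicyLine {
    # Assumes English-language 'net accounts' output.
    net accounts | Select-String -Pattern 'password length|Lockout threshold' |
        ForEach-Object { $_.Line.Trim() }
}

[pscustomobject]@{
    AutoplayDisabled = Test-AutoplayDisabled
    DiskShares       = @(Get-DiskShare)
    WindowsUpdate    = Get-UpdateServiceState
    LastHotFix       = Get-LastHotFixDate
    PasswordPolicy   = @(Get-PasswordPolicyLine)
} | Format-List
```

Any non-administrative share in the output still needs its permissions reviewed by hand, and the ADMIN$ entry is only as safe as the passwords of the accounts that can reach it.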
Resources to help you:
- Microsoft’s site with info on the worm.
- Microsoft’s centralized info repository about this worm.
- TechRepublic info.
What are your experiences with fighting this worm? Leave a comment.