Sephem's Ubulwembu (web) Blog » Security

4 steps for Conficker peace

Sephem — Tue, 31 Mar 2009 22:50:31 +0000

If you’re confused about all the Conficker chatter everywhere, as an SME (Small & Medium Enterprise) owner or home user there are some simple steps you can take to be safe. Rest assured, if these instructions sound too complicated, we’re happy to help with these issues either on-site or remotely through the magic of the telephone and screen-sharing technology.

These four steps are important to take no matter what your situation is! Think of them like taking your immunizations before you travel to a developing nation. The Internet IS a developing nation!

Take action now to protect from Conficker.c (aka Downadup)

Sephem — Mon, 30 Mar 2009 13:26:28 +0000

The time has come to be proactive against Conficker.c as it is due to become active on 1 April 2009. It would be far more beneficial for you to try and remove any trace of this nasty before it becomes active as one of its traits is to block access to any tools that could be used to remove it including blocking access to anti-virus updates.

Make sure that you run the free scans available from
BDtools.net
Sophos

For more information please read the following.
http://www.ubulwembu.com/2009/03/23/conficker-powerfull-or-powerless/
http://blogs.computerworld.com/the_conficker_worm_on_60_minutes
http://www.theregister.co.uk/2009/03/26/conficker_activation_analysis/
http://www.sophos.com/blogs/gc/g/2009/03/27/hype-april-fools-day-conficker-worm/

Conficker: Powerfull or Powerless?

Sephem — Mon, 23 Mar 2009 17:46:46 +0000

Conficker was first seen in October 2008, but has gone through a few variants called conficker.a conficker.b and now the one to be activated on 1 April 2009 called conficker.c

Is this new variant going to be a crisis in the world of computers, or is it just going to flop like a bad April fools joke?

The conficker worm spreads itself primarily through a buffer overflow vulnerability in the Server Service on Windows computers. The versions of windows that are affected are Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and even Windows 7 Beta. The security bulletin can be read here.

Once it is activated, it does a few things, like disabling some services like Windows Defender, Windows security center and windows automatic update service.

It also connects to a server over the internet and gets some instructions that can gather information, install other malware amongst other things.

According to The New York Times,

An estimated 12 million or more machines have been infected. However, many have also been disinfected, so a precise census is difficult to obtain.

There is still little consensus as to whether conficker.c is going to be something or nothing, so we will just need to wait and see.

It is highly suggested to keep your windows up to date and to make sure that your anti-virus has the latest definitions.

Due to the fact that the new version of conficker has highly evolved means of removing most anti-virus software packages, being able to disable Microsoft’s Automatic update service, open ports on firewalls and to even block access to the update services of most security software it is highly advised to download some removal tools before the anticipated date of activation.

Here are a few links to some removal tools.

Microsoft® Windows® Malicious Software Removal Tool
Symantic W32.Downadup Removal Tool
Sophos Tool

For a more details report on Conficker, take a look at SRI Internationals Technical report at http://mtc.sri.com/Conficker/