Despite security analysts insisting that April 1 is only a red herring, the Conficker malware hype keeps growing as April Fools' Day approaches. The worm first appeared in late November, exploiting a vulnerability in Microsoft Windows to spread unhindered on local area networks.
Its goal is to install rogue software on infected computers. Microsoft issued a patch for the vulnerability, but users who haven't installed it remain open to infection, and the worm also spreads through portable USB flash drives. Conficker could give a hacker unrestricted access to every infected machine on the planet.
Once installed, Conficker.C exhibits a variety of nasty behaviors. The worm attempts to disable Windows Automatic Update and block access to the Windows Security Center, can detect and kill Sysinternals' Process Explorer, and interferes with the operation of a number of other search-and-destroy programs, including Wireshark and SysClean.
As the speculation grows around Conficker, also known as the Downadup worm, Symantec and its Conficker Working Group partners continue researching the possibilities of the April 1 fallout from a worm that wreaked havoc on millions of computers earlier this year. So far, Symantec has determined three facts that it is sharing:
- Symantec has determined that on April 1, W32.Downadup.C, the most recent variant of the malware also known as Conficker, will begin to use a new algorithm to determine what domains to contact. No other actions have been identified to take place on April 1.
- Symantec said it's possible that systems infected with W32.Downadup.C will be updated with a newer version of the malware on April 1 by contacting domains on the new domain list. However, the security company noted, these systems could be updated on any date before or after April 1, as well by using the peer-to-peer updating method found in W32.Downadup.C.
- Symantec said the public should not be alarmed. However, as always, computer users should exercise caution and build security best practices into their daily computing routines.
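The only April 1 behavior Symantec describes is a change in how the worm picks the domains it contacts. From a defender's side, the observable symptom of that kind of domain generation is a burst of lookups for random-looking names that mostly fail to resolve. The following PowerShell script is an added example, not part of the article and not Symantec's or the Conficker Working Group's code; it does not reproduce Conficker's own algorithm. The log format (`date time client rcode qname`), the sample lines, and the scoring thresholds are all constructed for this example, and the crude "random-looking label" heuristic is only a filter; the signal is the number of distinct failed lookups per client.

```powershell
# Added example (not from the article): flag internal hosts whose failed DNS
# lookups look like algorithmically generated domains.
# Assumptions: a text log with fields "date time client rcode qname";
# the sample lines and thresholds below are constructed for this demo.

$sampleLog = @'
2009-04-01 00:00:01 10.0.0.5 NXDOMAIN pfvbsmzqkt.org
2009-04-01 00:00:01 10.0.0.5 NXDOMAIN xkqzrtwbnv.net
2009-04-01 00:00:02 10.0.0.5 NXDOMAIN mtlqpwzxcb.info
2009-04-01 00:00:02 10.0.0.5 NXDOMAIN qvbhjkrtlz.biz
2009-04-01 00:00:03 10.0.0.5 NXDOMAIN zrplxwqntg.com
2009-04-01 00:00:03 10.0.0.5 NXDOMAIN kxwmzbtpqr.org
2009-04-01 00:00:04 10.0.0.9 NOERROR  www.microsoft.com
2009-04-01 00:00:05 10.0.0.9 NXDOMAIN wwww.example.com
2009-04-01 00:00:06 10.0.0.9 NOERROR  update.symantec.com
'@

function Get-ShannonEntropy([string]$s) {
    # Bits of entropy per character over the string's own character distribution.
    $n = $s.Length
    if ($n -eq 0) { return 0.0 }
    $h = 0.0
    foreach ($g in ($s.ToCharArray() | Group-Object)) {
        $p = $g.Count / $n
        $h -= $p * [Math]::Log($p, 2)
    }
    return $h
}

function Test-RandomLookingLabel([string]$label) {
    # Heuristic only: long label, few vowels, high character entropy.
    # Real words such as "symantec" are kept out by counting y as a vowel.
    if ($label.Length -lt 8) { return $false }
    $vowels = ([regex]::Matches($label, '[aeiouy]')).Count
    $ratio  = $vowels / $label.Length
    return ($ratio -lt 0.3 -and (Get-ShannonEntropy $label) -gt 2.5)
}

function Find-SuspectHosts([string[]]$lines, [int]$threshold = 5) {
    # Count, per client, the DISTINCT random-looking names that failed to resolve.
    # One odd lookup is noise; a burst of distinct failures is the pattern to act on.
    $byClient = @{}
    foreach ($line in $lines) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 5 -or $f[3] -ne 'NXDOMAIN') { continue }
        $client = $f[2]
        $domain = $f[4].ToLower()
        $label  = ($domain -split '\.')[0]
        if (Test-RandomLookingLabel $label) {
            if (-not $byClient.ContainsKey($client)) {
                $byClient[$client] = [System.Collections.Generic.HashSet[string]]::new()
            }
            [void]$byClient[$client].Add($domain)
        }
    }
    foreach ($c in $byClient.Keys) {
        if ($byClient[$c].Count -ge $threshold) {
            [pscustomobject]@{ Client = $c; DistinctSuspectDomains = $byClient[$c].Count }
        }
    }
}

# With the constructed sample, only 10.0.0.5 crosses the threshold (6 distinct names).
$lines = $sampleLog -split "`r?`n"
Find-SuspectHosts -lines $lines -threshold 5 | Format-Table -AutoSize
```

Point the script at a real DNS server log by replacing `$sampleLog` with `Get-Content` on the file, and tune `$threshold` to the normal NXDOMAIN rate of your network before treating a hit as anything more than a host to examine.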
The worm certainly is an issue of concern, but the probability of a major Downadup-related cyber event on April 1 is low, according to Vincent Weafer, vice president of Symantec Security Response.
April 1 or not, you should always be vigilant about protecting your PC: patch Windows completely through Windows Update and keep your anti-malware software updated as well. Make sure your antivirus software is actually running, too, as Conficker may have disabled it.
Protecting PCs from Conficker
- Apply the security update associated with MS08-067.
- Make sure you are running up-to-date antivirus.
- Disable the AutoPlay feature through the registry or using Group Policies.
Microsoft released Security Advisory 967940 to notify users that the updates that allow users to disable AutoPlay/AutoRun have been deployed via automatic updating channels.
- Manually download the Windows Malicious Software Removal Tool (MSRT) onto uninfected PCs and deploy to infected PCs to clean infected systems.
- BDTools.net: Visit BitDefender's download site
- Run Secunia's Software Inspector to catch missing application patches
- Conficker Working Group's detection and repair tools
- F-Secure Malware Removal Tool
- McAfee AVERT W32/Conficker Stinger 10.0.1.537
- Microsoft Malicious Software Removal Tool
- Sophos Conficker Cleanup Tool 1.3
- Sunbelt Software
- Symantec FixDownadup.exe (see Symantec's notes)
- Conficker Removal Tool 220.127.116.11
- Win32/Conficker Worm Removal Tool
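The three protective steps above (the MS08-067 update, running antivirus, and AutoPlay disabled) are easy to state and easy to lose track of across a fleet, and Conficker.C itself stops the Automatic Update and Security Center services. The following PowerShell script is an added example for auditing one Windows host against those points; it is not part of the article and not Microsoft's or any vendor's tool. It assumes that MS08-067 is installed as hotfix KB958644 (a known fact, but not stated on this page), that AutoRun is controlled by the `NoDriveTypeAutoRun` policy value with 0xFF meaning "off for every drive type", and that the Automatic Updates and Security Center services are named `wuauserv` and `wscsvc`. Run it from an elevated prompt; `Disable-AutoRunPolicy` is the only function that changes anything and is not invoked by default.

```powershell
# Added example (not from the article): audit a Windows host for the
# Conficker mitigations listed above. Assumes KB958644 = MS08-067,
# NoDriveTypeAutoRun = 0xFF disables AutoRun, services wuauserv / wscsvc.

function Test-MS08067Patch {
    # Get-HotFix reads installed updates; HotFixID carries the KB number.
    $hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    return [bool]$hotfix
}

$autoRunPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Test-AutoRunDisabled {
    # Either the machine or the user policy key can carry the value.
    foreach ($p in $autoRunPaths) {
        $item = Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($item -and $item.NoDriveTypeAutoRun -eq 0xFF) { return $true }
    }
    return $false
}

function Disable-AutoRunPolicy {
    # Remediation: write the machine-wide policy value (needs admin rights).
    $p = $autoRunPaths[0]
    if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
    Set-ItemProperty -Path $p -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

function Test-AntivirusRunning {
    # Security Center's WMI view of registered AV products (Vista and later).
    # On hosts where the namespace is absent this returns 'unknown' rather than failing.
    try {
        $products = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop
        if ($products) { return ($products | ForEach-Object { $_.displayName }) -join ', ' }
        return 'none registered'
    } catch { return 'unknown' }
}

function Get-DefenseServiceState {
    # Conficker.C stops Automatic Updates and the Security Center; a stopped or
    # disabled service here is worth a closer look.
    $state = [ordered]@{}
    foreach ($name in 'wuauserv', 'wscsvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $state[$name] = if ($svc) { $svc.Status.ToString() } else { 'missing' }
    }
    return $state
}

# Build and print the report.
$report = [ordered]@{
    'MS08-067 (KB958644) installed'            = Test-MS08067Patch
    'AutoRun disabled (NoDriveTypeAutoRun=FF)' = Test-AutoRunDisabled
    'Antivirus registered with Security Center'= Test-AntivirusRunning
}
$services = Get-DefenseServiceState
foreach ($k in $services.Keys) { $report["Service $k"] = $services[$k] }
$report.GetEnumerator() | ForEach-Object { '{0,-45} : {1}' -f $_.Key, $_.Value }

# To remediate the AutoRun finding on this host, run:  Disable-AutoRunPolicy
```

A `False` on the first two lines or a `Stopped` service is the finding; a host that also shows no registered antivirus is the one to pull off the network and run one of the removal tools listed above against.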