January 2009
Attack of the w32.downadup virus

Strap in, folks, as this is a nasty little virus.

A new sleeper virus that could allow hackers to steal financial and personal information has now spread to more than eight million computers in what industry analysts say is one of the most serious infections they have ever seen.

The Downadup or Conficker worm exploits a bug in Microsoft Windows to infect mainly corporate networks, where — although it has yet to cause any harm — it potentially exposes infected PCs to hijack.

How serious is it?

It is the most serious large-scale worm outbreak we have seen in recent years because of how widespread it is, but it is not very serious in terms of what it does. So far it doesn’t try to steal personal information or credit card details.

Who is affected?

We have large infections in Europe, the United States and in Asia. It is a Windows worm and almost all the cases are corporate networks. There are very few reports of independent home computers affected.

What does it do?

It is a complicated worm most likely engineered by a group of people who have spent time making it very complicated to analyze and remove. The real reason why they have created it is hard to say right now, but we do know how it replicates.

How does it spread?

The worm does not spread over email or the Web. However if an infected laptop is connected to your corporate network, it will immediately scan the network looking for machines to infect. These will be machines that have not installed a patch from Microsoft known as MS08-067. The worm will also scan company networks trying to guess your password, trying hundreds and hundreds of common words. If it gets in, even if you are not at your machine, it will infect and begin spreading to other servers. A third method of spreading is via USB data sticks.
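As an added example (not part of the original post, and not Homerun's own tooling), the script below flags the two network behaviours described above in constructed sample log lines: one host sweeping many peers in a short window (the scan for machines missing MS08-067, a Windows Server service flaw reached over SMB) and one host failing logons against many different accounts (the password guessing). The log format, thresholds and addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
SCAN_WINDOW = timedelta(seconds=60)   # assumed window for one subnet sweep
SCAN_HOSTS = 8                        # distinct peers contacted inside one window
GUESS_USERS = 5                       # distinct accounts failing from one source

# Constructed sample lines in a hypothetical "time src dst event[:user]" format.
SAMPLE_LOG = "\n".join(
    [f"2009-01-20T09:00:{i:02d} 10.0.5.23 10.0.5.{100 + i} connect" for i in range(10)]
    + ["2009-01-20T09:05:00 10.0.5.9 10.0.5.50 connect",
       "2009-01-20T09:05:07 10.0.5.9 10.0.5.51 connect"]
    + [f"2009-01-20T09:10:{i:02d} 10.0.5.23 10.0.5.2 logon_fail:{u}"
       for i, u in enumerate(["admin", "administrator", "backup", "test", "guest", "sales"])]
    + ["2009-01-20T09:11:00 10.0.5.9 10.0.5.2 logon_fail:jsmith",
       "2009-01-20T09:11:09 10.0.5.9 10.0.5.2 logon_ok:jsmith"])

def parse(log_text):
    """Yield (timestamp, src, dst, event, user) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        event, _, user = parts[3].partition(":")
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2], event, user

def _burst_sources(events, key, threshold):
    """Sources with >= threshold distinct key() values inside one SCAN_WINDOW."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    flagged = set()
    for src, evs in by_src.items():
        evs.sort()  # chronological; tuples compare by timestamp first
        for i, start in enumerate(evs):
            seen = {key(e) for e in evs[i:] if e[0] - start[0] <= SCAN_WINDOW}
            if len(seen) >= threshold:
                flagged.add(src)
                break
    return flagged

def find_scanners(log_text):
    """Hosts sweeping many distinct peers: the MS08-067 propagation pattern."""
    connects = [e for e in parse(log_text) if e[3] == "connect"]
    return _burst_sources(connects, key=lambda e: e[2], threshold=SCAN_HOSTS)

def find_password_guessers(log_text):
    """Hosts failing logons against many accounts: the dictionary-guessing pattern."""
    fails = [e for e in parse(log_text) if e[3] == "logon_fail"]
    return _burst_sources(fails, key=lambda e: e[4], threshold=GUESS_USERS)
```

On the sample data only 10.0.5.23 trips both detectors; a successful logon after a single failure, as 10.0.5.9 shows, is ignored.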

How can I prevent it from infecting my machine?

The best way is to get the patch and install it company-wide. The second way is password security. Use long, difficult passwords — particularly for administrators who cannot afford to be locked out of the machines they will have to fix.

What can I do if it has already infected my machine?

Machines can be disinfected. The problem is for companies with thousands of infected machines, which can become re-infected from just one computer even as they are being cleared.

Fear not, it can be fixed very easily with a little patience. First you will need to make sure you have the trusty old Malwarebytes and a solid (non-McAfee) virus software package. Sorry, those of us at Homerun actually dislike McAfee…too many holes and too slow of an update pattern. Now ensure that your virus software is current and that Malwarebytes is current and ensure that all Windows updates have been run on your PC/laptop/server. Close all programs and start running Malwarebytes and let it finish. Once it is finished, remove all infected areas and reboot if necessary. Run the program one last time or until everything is clear. Once Malwarebytes is complete go ahead and run your virus software and let it clear any left-overs if it finds any at all.

Sorry for the delay on getting this posted but we had a case of the flu run through our office…so we were fighting our own little virus actually.

posted by: Myke Reinhold
credit: CNN, Experts Exchange, Homerun-Networks

3 Responses to “Attack of the w32.downadup virus”

  1. ohiobearsfan says:

    “How do I know if I’m infected (other than scanning)?”

    Other than running a scan with Malwarebytes or other non-McAfee virus software package, how can you tell if you’re infected?

    Unfortunately, I’m an administrator and use McAfee. Is there any traffic I can scan for on my firewall or any processes I can look for?

  2. Myke says:

    ohiobearsfan - Good question actually. This nasty little virus basically hitches a ride very quietly. The best way to know if you are infected is to run a good antivirus product. Symptoms that may indicate you are infected include your being blocked from accessing the web sites of most security companies. So try hitting symantec or f-secure or even mcafee. Symantec is running a great little site that talks about this virus and has some great detail actually. http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_hhobanner_conficker_worm

  3. Myke says:

    update

    FAQ

    Q: Am I safe if I don’t go to questionable web sites?

    A: No. The Conficker worm seeks out computers on the same network. You can be in a coffee shop, an airport or in the office and the worm will quietly try to attach to your computer and run itself.

    Q: How do I know if I am infected?

    A: The best way to know if you are infected is to run a good antivirus product. Symptoms that may indicate you are infected include your being blocked from accessing the web sites of most security companies.

    Q: Can’t I just run free antivirus software?

    A: Yes, but they’re not thorough or comprehensive. While some of the legitimate free antivirus products aren’t bad at detecting viruses in files, they only provide basic protection; in general they are weak at detecting modern threats such as drive-by-downloads, malicious web sites and intrusion attempts. Worse, the internet is overflowing with fake free security scanners that actually infect your computer. Fake scanners such as “Antivirus 2008” are difficult to identify and have plagued hundreds of thousands of users around the world.
