Tactical Advice

Conficker Worm Hits Windows

An IT pro offers advice on how to manage what may be a very destructive worm.
This story appears in the December 2008 issue of BizTech Magazine.

A new worm commonly known as Conficker has taken center stage in tech news over the past few days. Also known as Downadup, Kido or Conflicker, this worm exploits the Windows service vulnerability addressed by MS08-067, which Microsoft patched several months ago. ABC News estimates the worm has spread to more than 9 million of the world’s Windows-based computer systems. This could possibly be a threat on the scale of the legendary Melissa worm and I Love You virus. By all means, arm yourself with knowledge and take action now!

Details of the Attack

The Conficker/Downadup worm can propagate across network connections as well as USB memory devices. Because it can weasel its way into computers through USB devices, many organizations are disabling AUTORUN and AUTOPLAY for USB sticks.
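The Autorun setting the paragraph refers to lives in the Windows Explorer policy key, and the value is a bitmask with one bit per drive type, so "disabling it for USB sticks" means making sure the removable-drive bit is set. The script below is an added example, not part of the BizTech article: it reports which drive types still have Autorun enabled on the local machine and can set the fully disabled value. The registry paths and the NoDriveTypeAutoRun bit layout are standard Windows policy locations; the function names are this example's own, and the HonorAutorunSetting value is what the Windows XP/2003 Autorun update reads (assumed harmless on later versions). Run it in an elevated PowerShell session.

```powershell
# Added example (not from the BizTech article): audit and harden the Windows
# Autorun/AutoPlay policy that Conficker's USB vector relies on.
# Assumptions: standard policy key locations; helper names are this example's own.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Bits of NoDriveTypeAutoRun, one per drive type. A set bit disables Autorun
# for that type; 0xFF disables it everywhere.
$DriveBits = @{
    Removable = 0x04   # USB sticks and other removable media: the bit that matters here
    Fixed     = 0x08
    Network   = 0x10
    CDROM     = 0x20
    RamDisk   = 0x40
    Unknown   = 0x80
}

function Get-AutorunPolicy {
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $value = $null
    if ($props -and $props.PSObject.Properties['NoDriveTypeAutoRun']) {
        $value = [int]$props.NoDriveTypeAutoRun
    }
    # Any drive type whose bit is clear (or no policy at all) still runs Autorun.inf.
    $stillEnabled = @()
    foreach ($name in $DriveBits.Keys) {
        if ($value -eq $null -or (($value -band $DriveBits[$name]) -eq 0)) { $stillEnabled += $name }
    }
    $display = '(not set: Windows default applies)'
    if ($value -ne $null) { $display = '0x{0:X2}' -f $value }
    New-Object PSObject -Property @{
        NoDriveTypeAutoRun     = $display
        AutorunStillEnabledFor = (($stillEnabled | Sort-Object) -join ', ')
    }
}

function Set-AutorunDisabled {
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    # 0xFF: no drive type gets Autorun, which also removes the AutoPlay prompt
    # that an Autorun.inf on a USB stick would otherwise drive.
    New-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -Value 0xFF -PropertyType DWord -Force | Out-Null
    # XP/2003 only honor NoDriveTypeAutoRun for Autorun.inf after the Autorun
    # update, which reads HonorAutorunSetting=1 (assumed harmless on later Windows).
    New-ItemProperty -Path $PolicyKey -Name HonorAutorunSetting -Value 1 -PropertyType DWord -Force | Out-Null
    # Defense in depth: point Autorun.inf processing at a non-existent INI section
    # so Windows ignores the file even if the policy value is reverted later.
    $iniMap = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
    if (-not (Test-Path $iniMap)) { New-Item -Path $iniMap -Force | Out-Null }
    Set-ItemProperty -Path $iniMap -Name '(default)' -Value '@SYS:DoesNotExist'
}

# Usage: audit first; call Set-AutorunDisabled once you are satisfied with the change.
'Current Autorun policy:'
Get-AutorunPolicy | Format-List
```

A machine with no policy value at all, or a value such as 0x91 that leaves the Removable and CDROM bits clear, will show those types under AutorunStillEnabledFor; after Set-AutorunDisabled the list is empty. In a domain the same value is normally pushed by Group Policy, so check that a local change is not silently overwritten at the next policy refresh.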

The worm executes a multistage attack: it first makes hidden copies of itself, then takes steps to prevent cleanup, such as blocking access to certain websites and Windows services. It then begins brute-force attacks to crack passwords. Finally, it contacts a randomized URL on the Internet, where unknown criminals wait to receive data from infected computers. Possible URL names are so numerous—as many as 250 new URLs every day—that antivirus companies have given up trying to buy the host names to prevent the connection.

Conficker Symptoms

Is your computer acting ill? Although this tricky worm is hard to detect, Microsoft listed some symptoms you should watch out for. If your computer is infected with this worm, you might not experience any symptoms — or you might experience these:

  1. Account lockout policies are being tripped.
  2. Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
  3. Domain controllers respond slowly to client requests.
  4. The network is congested.
  5. Various security-related websites cannot be accessed.
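Three of the five symptoms above (disabled services, account lockouts, unreachable security sites) can be checked from a script rather than by eye. The triage script below is an added example and not part of the BizTech article; it also covers the lockout-policy check the author recommends at the end of the removal section. Service names are the standard Windows ones (ERSvc is Error Reporting on XP/2003, WerSvc on Vista/2008); the probe hostnames, the 24-hour lookback and the function names are this example's assumptions. Reading the Security log requires an elevated session, and on a domain the lockout events are all recorded on the PDC emulator.

```powershell
# Added example (not from the BizTech article): check a Windows host for the
# Conficker symptoms Microsoft listed. Assumptions: standard service names;
# illustrative probe hostnames; helper names are this example's own.

# Symptom 2: services the worm disables. Whichever Error Reporting service
# name does not exist on this Windows version is simply skipped.
$WatchedServices = 'wuauserv', 'BITS', 'WinDefend', 'ERSvc', 'WerSvc'

function Get-SecurityServiceState {
    foreach ($name in $WatchedServices) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) { continue }
        New-Object PSObject -Property @{
            Service    = $name
            State      = $svc.State
            StartMode  = $svc.StartMode
            # A Disabled start mode on one of these is the symptom; Manual/Auto is normal.
            Suspicious = ($svc.StartMode -eq 'Disabled')
        }
    }
}

# Symptom 1: account lockouts tripped by the worm's password brute-forcing.
# Event ID 4740 on Vista/2008 and later, 644 on XP/2003. ReplacementStrings[0]
# is the locked-out account name in both formats.
function Get-RecentLockouts([int]$Hours = 24) {
    $since  = (Get-Date).AddHours(-$Hours)
    $events = Get-EventLog -LogName Security -After $since -ErrorAction SilentlyContinue |
              Where-Object { $_.InstanceId -eq 4740 -or $_.InstanceId -eq 644 }
    $events | Group-Object -Property { $_.ReplacementStrings[0] } |
        Select-Object @{ n = 'Account'; e = { $_.Name } }, Count |
        Sort-Object Count -Descending
}

# Symptom 5: security-related sites cannot be accessed. A name lookup that fails
# while the rest of the network works is the signal; constructed hostname list.
$ProbeHosts = 'update.microsoft.com', 'www.symantec.com', 'www.mcafee.com'

function Test-SecuritySiteResolution {
    foreach ($h in $ProbeHosts) {
        $ok = $false
        try { $ok = (@([System.Net.Dns]::GetHostAddresses($h)).Count -gt 0) } catch { $ok = $false }
        New-Object PSObject -Property @{ Host = $h; Resolves = $ok }
    }
}

'== Services Conficker disables =='
Get-SecurityServiceState | Format-Table Service, State, StartMode, Suspicious -AutoSize
'== Account lockouts in the last 24 hours (most locked first) =='
Get-RecentLockouts -Hours 24 | Format-Table Account, Count -AutoSize
'== Security sites reachable by name =='
Test-SecuritySiteResolution | Format-Table Host, Resolves -AutoSize
```

A clean host shows no Suspicious services, few or no lockouts, and every probe resolving. Many lockouts spread across many accounts within a short window is the pattern of the brute-force stage described above, and the locked accounts point you at the subnet where the infected machines sit; a single user locking out repeatedly is more likely a stale saved password.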

Removal

Details and removal instructions are available from the Microsoft Help and Support website, under Article ID: 962007, located at http://support.microsoft.com/kb/962007.

If you suspect that you are infected, or simply want to take precautionary measures, BizTech suggests you immediately update the virus definitions for whatever antivirus software you use. If you do not have antivirus software, Microsoft provides a free PC safety scan which you can find here: http://onecare.live.com/site/en-us/default.htm.

BizTech also suggests you install and manually run Windows Update on all Windows-based systems. Conficker/Downadup will break Windows automatic updates, so be sure you verify that updates have actually been run. At the very least, you should read Microsoft Security Bulletin MS08-067 and download the patch for your specific operating system, which addresses the service vulnerability. There is a separate patch for nearly every Windows OS. Installation takes less than 30 seconds on average. A reboot is required. For IT professionals, in-depth technical details about the vulnerability and the patch can be found here: http://support.microsoft.com/kb/958644.

Next, we suggest you install and run the Microsoft Malicious Software Removal Tool, which can be found here: http://www.microsoft.com/downloads/details.aspx?familyid=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en. This is an after-the-fact removal solution — it is not a replacement for true antivirus software!

Finally, you may want to consider changing all network passwords. The stronger the password, the better. If you are in a domain, look for domain account lockout policies to be triggered. Conficker’s brute-force attack will no doubt be locking out accounts left and right.
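Because the worm breaks Automatic Updates, "we pushed the patch" is not the same as "the patch is installed"; the article's advice to verify updates means checking each machine. The script below is an added example, not part of the BizTech article: it asks each host in a list whether the MS08-067 update (KB958644, the knowledge-base number the article links to) appears in its installed-hotfix inventory, and reports unreachable hosts explicitly rather than treating them as patched. The computer list is a constructed placeholder and the function name is this example's own; the query uses the standard Win32_QuickFixEngineering and Win32_OperatingSystem WMI classes and needs administrative rights on the remote hosts.

```powershell
# Added example (not from the BizTech article): confirm the MS08-067 patch is
# actually present on each host. Assumptions: constructed host list; helper
# name is this example's own; KB958644 is the article's own reference.

$Ms08067Kb = 'KB958644'
$Computers = 'localhost'     # placeholder: e.g. Get-Content .\hosts.txt, or names pulled from AD

function Test-MS08067Patched([string]$ComputerName) {
    try {
        $qfe = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $ComputerName -ErrorAction Stop
        $hit = @($qfe | Where-Object { $_.HotFixID -eq $Ms08067Kb })
        $os  = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop).Caption
        $installed = $null
        if ($hit.Count -gt 0) { $installed = $hit[0].InstalledOn }
        New-Object PSObject -Property @{
            Computer  = $ComputerName
            OS        = $os
            Patched   = ($hit.Count -gt 0)
            Installed = $installed
            Error     = $null
        }
    } catch {
        # A host that cannot be queried is reported, not skipped: it cannot be
        # assumed patched, and an unreachable box may itself be the congested one.
        New-Object PSObject -Property @{
            Computer  = $ComputerName
            OS        = $null
            Patched   = $false
            Installed = $null
            Error     = $_.Exception.Message
        }
    }
}

$results = @($Computers | ForEach-Object { Test-MS08067Patched $_ })
$results | Format-Table Computer, OS, Patched, Installed, Error -AutoSize
$needsAttention = @($results | Where-Object { -not $_.Patched })
'Unpatched or unreachable hosts: ' + $needsAttention.Count
```

Two caveats when reading the output: Win32_QuickFixEngineering only lists updates installed as separate hotfixes, so a machine imaged from media that already carried the fix can show Patched = False and still be safe (confirm with the file versions in the KB article in that case), and a patched machine can still be infected through the USB and weak-password vectors the article describes, so this check complements the symptom checks rather than replacing them.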

Jeremy Dotson is a LAN administrator for Tronair (www.tronair.com), a manufacturer of aircraft ground-support equipment in Holland, Ohio.