What is the Conficker Worm & What Does it Do? - Webnames Blog

What is the Conficker Worm & What Does it Do?

The Conficker worm, also known as Downup, Downadup and Kido, is scheduled to activate on April 1, 2009; however, the first series of infections attributed to the Conficker worm was detected back in November 2008. A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network), and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program.

The Conficker worm is capable of preventing antivirus products from functioning effectively on infected machines. The new variant of this malicious program also generates a dramatically larger number of unique domain names, which it then contacts to download daily updates: 50,000, in contrast to the 250 generated and contacted by previous versions of the worm. An estimated 12 million computers have been infected worldwide.
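A defender can look for the domain-generation behaviour described above in DNS resolver logs: an infected machine asks for far more unique names than a normal one. The following Python is an added example, not code from the original post; the log format, the thresholds, the sample lines and the assumption that most generated names do not resolve (NXDOMAIN) are illustrative.

```python
from collections import defaultdict

def parse_line(line):
    """Parse 'timestamp client qname rcode' (constructed log format, an assumption)."""
    _ts, client, qname, rcode = line.split()
    return client, qname.lower().rstrip("."), rcode.upper()

def summarize(lines):
    """Per client: (unique names queried, share of those names answered NXDOMAIN)."""
    names, dead = defaultdict(set), defaultdict(set)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        client, qname, rcode = parse_line(line)
        names[client].add(qname)
        if rcode == "NXDOMAIN":
            dead[client].add(qname)
    return {c: (len(names[c]), len(dead[c]) / len(names[c])) for c in names}

def flag_clients(lines, min_unique=25, min_nx_ratio=0.8):
    """Clients that look up many distinct names, most of which do not exist.
    Both thresholds are assumptions; tune them against your own baseline."""
    stats = summarize(lines)
    return sorted(c for c, (uniq, ratio) in stats.items()
                  if uniq >= min_unique and ratio >= min_nx_ratio)

def build_sample():
    """Constructed sample: 10.0.0.10 browses normally, 10.0.0.23 walks a long
    list of mostly non-existent names (reserved .example names, not real ones)."""
    lines = []
    sites = ("www.example.com", "mail.example.org", "update.example.net")
    for i in range(30):
        lines.append(f"2009-04-01T09:{i:02d}:00 10.0.0.10 {sites[i % 3]} NOERROR")
    for i in range(40):
        rcode = "NOERROR" if i % 10 == 0 else "NXDOMAIN"
        lines.append(f"2009-04-01T09:{i:02d}:30 10.0.0.23 q{i:04x}zk.example {rcode}")
    # A single typo by a normal user must not trip the detector.
    lines.append("2009-04-01T09:59:00 10.0.0.10 typo-site.example NXDOMAIN")
    return lines

if __name__ == "__main__":
    for client in flag_clients(build_sample()):
        print("review host:", client)
```

A flagged address is a lead for follow-up (patch level, antivirus scan), not proof of infection.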

We don’t know the purpose of the Conficker worm. As of this moment the worm has created an infrastructure that the creators of the worm can use to remotely install software on infected machines. What will that software do? We don’t know. One theory is that the worm will be used to create a botnet that will be rented out to criminals who want to send spam, steal IDs and direct users to online scams and phishing sites.

The Conficker worm mostly spreads across networks. If it finds a vulnerable computer, it can do any number of the following things: turn off the automatic backup service; delete previous restore points; disable security services; block access to a number of security web sites; and open infected machines to receive additional programs from the malware’s creator. The worm then tries to spread itself to other computers on the same network.

How does a computer get infected?

The Downadup worm tries to quietly install itself by exploiting a Windows vulnerability, the one addressed by Microsoft security bulletin MS08-067. Users who automatically receive updates from Microsoft are already protected from this. The worm also tries to spread by copying itself into shared folders on networks and by infecting USB devices such as memory sticks.

What is the risk of infection?

Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up-to-date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are also at risk, since pirated systems usually cannot get Microsoft updates and patches.

What can you do to protect yourself?

One leading antivirus vendor, Kaspersky Lab, recommends that all users install the relevant operating system security update (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). An antivirus solution with up-to-date signature databases and a properly configured firewall can also prevent infection. Users of Kaspersky Lab antivirus products who have installed the security update released by Microsoft will be fully protected from Kido.

More Information:

Wikipedia description of the Conficker Worm

PC World – Protecting Against the Rampant Conficker Worm
