For those who have never heard of it, Conficker is a computer worm that targets Microsoft Windows systems and creates a botnet: a collection of compromised computers connected to the Internet and used for malicious purposes. The good news is that the worm’s purpose is not to destroy your computer or its data. The bad news is that it connects with other computers to create a large networked supercomputer that can do a lot more damage than just wiping out data.
Conficker was first detected in November 2008, and some estimates say it has infected anywhere between 10 and 20 million computers worldwide. It uses flaws in Windows software and dictionary attacks on administrator passwords to propagate. It typically infects computers and networks with weak passwords, unsecured open folders, unpatched software and no anti-virus running. Since it is self-propagating and very difficult to counter, it has been spreading like crazy for the last three years.
Conficker takes over control of your computer and hands it to a master or remote controller. The master can use the combined power of all the infected computers to take over networks and compromise other systems. The worm can steal passwords and codes for any accounts you use online. This past June, Ukraine’s security service, SBU, helped the US FBI disrupt a criminal group using Conficker to steal $72 million from the banking industry. The worst part is you won’t notice that it’s happening.
Mark Bowden, in a recent interview on NPR said, “If you were to launch with a botnet that has 10 million computers in it — launch a denial of service attack — you could launch a large enough attack that it would not just overwhelm the target of the attack, but the root servers of the Internet itself, and could crash the entire Internet. What frightens security folks, and increasingly government and Pentagon officials, is that a botnet of that size could also be used as a weapon.”
Soon after Conficker was discovered, a volunteer group of security experts formed the Conficker Working Group (CWG). They worked with the US government and industry to help understand and eradicate the worm. Since there have been many variants of Conficker, it has been difficult to stop. The CWG realized that whoever created Conficker wasn’t intending to take down the Internet, but was using it to make money, which is the goal of most viruses and malware.
So what should you do?
First, as they say in “The Hitchhiker’s Guide to the Galaxy”, DON’T PANIC. Next, click on this link and follow the instructions to see if you are infected. If you are, go to one of these links to get a Conficker removal tool and run it.
After you get rid of it, do the following to prevent getting infected in the future:
- Apply the Microsoft MS08-067 security update
- Use a strong password with at least 8 characters
- Turn off autorun for USB devices
- Make sure your antivirus software is up to date
- Make sure your computer has the latest Microsoft patches by turning on Windows Update
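Most of the checklist above can be verified locally. The following read-only PowerShell audit is an added example, not part of the original article; it assumes an English-language Windows with Microsoft Defender as the antivirus, and the function names and three-day signature threshold are this example's own. It does not check for the MS08-067 update itself.

```powershell
# Added example: read-only audit of the checklist above. Run in PowerShell 5.1+.

function Test-AutoRunDisabled {
    # Machine-wide policy: NoDriveTypeAutoRun = 0xFF turns AutoRun off for all drive types.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    return ($null -ne $val) -and (($val -band 0xFF) -eq 0xFF)
}

function Test-WindowsUpdateUsable {
    # If the wuauserv service is disabled, no patches can arrive.
    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    return ($null -ne $svc) -and ($svc.StartType -ne 'Disabled')
}

function Test-DefenderCurrent {
    param([int]$MaxSignatureAgeDays = 3)   # threshold is an assumption of this example
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) { return $false }
    $s = Get-MpComputerStatus -ErrorAction SilentlyContinue
    return ($null -ne $s) -and $s.AntivirusEnabled -and ($s.AntivirusSignatureAge -le $MaxSignatureAgeDays)
}

function Get-MinPasswordLength {
    # Parses `net accounts`; the label match assumes an English-language Windows.
    $line = net accounts | Select-String -Pattern 'Minimum password length'
    if ($line -and $line.Line -match '(\d+)\s*$') { return [int]$Matches[1] }
    return $null
}

$minLen = Get-MinPasswordLength
$report = [ordered]@{
    'AutoRun disabled for all drives'      = Test-AutoRunDisabled
    'Windows Update service not disabled'  = Test-WindowsUpdateUsable
    'Defender enabled, signatures current' = Test-DefenderCurrent
    'Password policy requires 8+ chars'    = ($null -ne $minLen) -and ($minLen -ge 8)
}
foreach ($item in $report.GetEnumerator()) {
    $status = if ($item.Value) { 'OK  ' } else { 'FAIL' }
    Write-Output "$status $($item.Key)"
}
```

A FAIL on the password line means the local policy does not enforce the 8-character minimum; individual passwords may still be longer.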
Conficker is tamed to some degree, but clearly not under control. No one is sure who controls the worm or what her or his ultimate goal might be. It could wreak havoc and do something terrible or just sit there forever and steal money. Millions of computers in businesses, governments and homes are still infected.
Don’t take the risk: check your computer now.
Photo credit vungmanh