The "no bull" guide to Conficker


Summary: I usually have a pretty good idea of how widespread a particular piece of malware is by the number of incidents of infection (or reports of infection) that I come across. But when it comes to the Conficker worm (aka Downadup or Kido), I get the feeling that while there's a lot of hype surrounding this latest bit of malware, actual infections are much lower than some would want you to believe. However, over the past few days the number of enquiries I'm getting in relation to Conficker has skyrocketed, so to try to answer people's questions, and calm people's fears, I've put together a quick "no bull" guide to Conficker.


[UPDATE: I've posted a piece looking at the latest Conficker.E update.]


Some antivirus companies love to hype malware because it's a great way to sell security products. While Conficker isn't new (it's been around since November last year), the April 1st trigger date gives security firms the opportunity to ratchet up the hype a couple more notches (and help drive concerned users straight into the hands of cybercriminals). It's important to note, however, that right now it's unclear what will happen come the trigger date. What is clear is that you will need to be infected to be at risk of anything happening at all.

It seems that more than half of all Conficker infections are confined to PCs in China, Brazil, Russia, India, and Argentina, so folks in the US and Europe have dodged the bullet ... mostly. Given the relatively low number of Conficker infections that I've come across, I'd say that the research is spot on.

If you're running a fully patched system, then you've got little to be worried about. If you're running an antivirus program, then you've got a second line of defense. If you're worried, run a scan with a detection tool (links below). Better to be safe than sorry. Conficker can spread via network shares, leveraging weak passwords, so if you can't trust the systems you're connected to, and you know you're using weak passwords, then your risk of being infected is elevated. Also, Conficker can spread via removable drives by taking advantage of Windows autoplay.

If you're running a bootleg copy of Windows that's not patched properly, or you've been neglecting to patch up (the security bulletin that's important here is MS08-067) then there's a small chance that you could be infected. If you're worried, run a system scan using one of the following tools:

If you're having trouble accessing any of the above links then that could be an indicator that you're infected because Conficker (specifically Conficker.C) incorporates a domain blocker to prevent infected users from getting help (even accessing Windows Update and Microsoft Update). It's now important that you use an uninfected PC to download a Conficker removal tool onto a USB drive and clean up the infected PC. Alternatively, you can visit a site run by security firm BitDefender that is, as of the time of writing, not blocked (this site could be added to Conficker's block list at any time, so there are no guarantees that it will remain open to those who are infected).

After cleaning up the PC, apply the patch and then get on with the rest of your life.
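As an added example (not part of the original article), here is a PowerShell posture check covering the three points the guide makes: whether the MS08-067 fix is installed, whether autoplay is disabled for removable drives, and whether the PC can still resolve Microsoft's update hosts while a control host resolves fine. It assumes KB958644 is the hotfix Microsoft shipped for MS08-067 (meaningful on Windows XP/Vista/2003/2008 only; later releases are not affected), and the host names checked are this example's own choice.

```powershell
# Added example, not from the original article. Quick local check of the
# MS08-067 patch, autoplay policy, and DNS reachability of update hosts.
# Assumption: KB958644 is the MS08-067 hotfix id (legacy Windows only).

function Test-Ms08067Patch {
    # Get-HotFix reads Win32_QuickFixEngineering, so it only lists OS updates.
    # On Windows 7 and later the fix is built in and this returns $false.
    $hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    [bool]$hotfix
}

function Test-AutorunDisabled {
    # A NoDriveTypeAutoRun value of 0xFF turns autoplay off for every drive
    # type, closing the removable-drive spreading path the article describes.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if (-not $prop) { return $false }
    ($prop.NoDriveTypeAutoRun -band 0xFF) -eq 0xFF
}

function Test-UpdateHostsResolve {
    # Conficker.C's domain blocker shows up as update/security hosts that fail
    # to resolve while an unrelated control host still does.
    param(
        [string[]]$Hosts   = @('windowsupdate.microsoft.com', 'update.microsoft.com'),
        [string]  $Control = 'example.com'   # constructed control host
    )
    $results = @{}
    foreach ($h in ($Hosts + $Control)) {
        try   { [void][System.Net.Dns]::GetHostAddresses($h); $results[$h] = $true }
        catch { $results[$h] = $false }
    }
    $results
}

$dns = Test-UpdateHostsResolve
[pscustomobject]@{
    Ms08067Patched     = Test-Ms08067Patch
    AutorunDisabled    = Test-AutorunDisabled
    # Blocked only if an update host failed while the control host resolved.
    UpdateHostsBlocked = ($dns.Values -contains $false) -and $dns['example.com']
} | Format-List
```

Run it from an elevated PowerShell prompt on the machine you are checking; a true UpdateHostsBlocked together with working general browsing matches the "can't reach the links" symptom described above.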

Bottom line ... Don't panic!

Topics: Hardware, Malware, Security


Talkback

292 comments
  • Welcome to Windows.....

    Nuff said.
    Christian_<><
    • Welcome to people's own stupidity

      It's the usual story... Microsoft patched this
      yonks ago. If people haven't applied the
      patch, then blame them not Microsoft.
      GTRoberts100
      • Only MS users

        Only MS users blame the victim. Windows was built on an insecure model and it will always be the weak link in the security chain.

        You can't blame users for that.
        Chad_z
        • What is this "insecure model" Windows is built on?

          You mean the model used by almost every other general purpose OS? You mean the model which was declared more secure than OS X by some of the smartest hackers in the world?

          Please do tell what makes Windows deficient. Specifics please...no ambiguous claims. Furthermore tell us all what Microsoft could do to secure it. Again specifics...none of this "rewrite" it BS.
          ye
          • Are you doing more surveys today?

            Folks, Ye isn't satisfied with an answer to *any* of his questions.

            It's an endless loop. Break out of it.

            Ye and Loverock are birds of a feather.

            Disregard his Trolling.
            no_zd_user_name
          • Give me a satisfactory answer and I'll be satisfied.

            As yet, despite numerous requests, no one has provided an answer to my question. And it bothers you to no end that I continue to hold your feet to the fire. So provide an answer or stop with your FUD.
            ye
          • 100% cure for Conficker

            Here's a tip for you ye:

            http://blogs.computerworld.com/100_cure_for_conficker

            no_zd_user_name
          • @Dietrich ... lemme guess ...

            Run Linux! ;)
            Adrian Kingsley-Hughes
          • @Dietrich T. Schmitz: A link to an article by SJV!

            Now there's some objective journalism!

            The "cure" for Conficker was made available on 10/14/2008 in the form of preventative medicine. Anyone catching Conficker plain and simple hasn't taken the most basic of steps to protect themselves. Probably at the recommendation from some ABMers that "patches break things so don't do it".

            Now with that deflection do you care to detail the insecure security model mentioned by Chad_z? Or will you continue your deflection?
            ye
          • @Adrian: Good Guess ;)

            ye is entertaining me today.
            no_zd_user_name
          • @dietrich: this is silly

            [i]Now, however there's a patch that will stop Conficker[/i]

            No, there was a patch in October 2008, [b]before[/b] Conficker hit.

            The premise of that article is silly. Millions of us run Windows every day with no problems, no infections, and we are extremely productive with it. I [b]also[/b] run a Linux server which "Just Works". Had my Linux server gotten hit with one of the millions of Linux targeted Apache attacks, would my patch be for me to switch to IIS? For a while, I ran a Kubuntu and then an OpenSUSE desktop. Had I been hit with Ramen, would my patch have been to move to XP? Of course not.

            While installing and running Linux is not difficult and I would encourage people to try it if only to see what else is out there (Live CDs are a fantastic way to do this if you have the RAM), I would not encourage people to switch out of fear from malware. Keep your system (no matter the OS) up to date, use a tiny bit of common sense before downloading and installing stuff you find on the Internet (no matter the OS) and you will not get hit by Conficker on Windows, Ramen on Linux, or Oompa-A on OS X.
            NonZealot
          • @Dear Dear NonZealot: I am having fun at ye's expense today

            Sorry.

            I provide some constructive information further below in the threads.

            I believe ye isn't interested in reason. He toys with people and wastes their time.

            Conficker is yet another, if not the biggest, road sign for Windows users to take a good long look at.

            Pay attention Dear Windows Users, your machine can be infected merely by visiting a web page, without clicking on or downloading anything. Not good.

            Time to make a switch over to Linux Folks.

            Thank you NonZealot :)

            no_zd_user_name
          • @Dietrich T. Schmitz: Only if you do not apply the patch.

            [i]Pay attention Dear Windows Users, your machine can be infected merely by visiting a web page, without clicking on or downloading anything. Not good.[/i]

            Which was released five months ago.

            [i]Conficker is yet another, if not the biggest, road sign for Windows users to take a good long look at.[/i]

            Yes, they need to look at their patch policies and ask themselves: Why am I not installing patches?

            [i]I believe ye isn't interested in reason. He toys with people and wastes their time.[/i]

            LOL! This is good coming from someone who just said:

            "I am having fun at ye's expense today"

            A reasonable person doesn't have fun at someone else's expense. A reasonable person provides reasonable answers to reasonable questions. Something you've failed to do in your childish quest to "have fun at ye's expense". This says more about you than me.
            ye
          • I like the line that says

            [i]and almost all other malware programs[/i]

            Not 100 percent, but [i]almost[/i] all.

            Guess Linux is not as secure as everyone claims?
            GuidingLight
          • @NonZealot

            Oh Dear.
            no_zd_user_name
          • @GL & Ye

            Brand name addiction makes you run the most insecure systems available.

            How pathetic.
            Amelioration
          • Re; Ye and Loverock are birds of a feather.

            I can not agree on that one. Ye usually shows quite significant signs of knowing what he is talking about.

            This does not mean I always agree with ye, but he is certainly no "Lovey".
            hkommedal
          • Ok. I retract. Sorry ye.

            nt
            no_zd_user_name
          • ye will do his best...

            ...to convince you astroturf is real grass, no doubt about it.

            Notice he is spending the next 30 posts telling everyone Conficker isn't a problem and that denial will make it go away.
            hasta la Vista, bah-bie
          • @hasta: and ye was right about Conficker

            [i]Notice he is spending the next 30 posts telling everyone Conficker isn't a problem[/i]

            Notice he is right and Conficker [b]isn't[/b] a problem.
            NonZealot