| |

Saturday, May 16, 2009

Conficker Virus: Not just a typical computer worm

Conficker is a computer worm attacking vulnerabilities of Microsoft Operating Systems and started infecting PC's around November 2008. Computer worms have been circulating in the internet for so long but what made this worm special? Researchers from the different anti-virus companies say that the person or people responsible for this virus know what their doing and and it uses various advanced malware techniques that make it difficult to eradicate. Even the French Navy system was infected that several fighter jets were grounded and the British Ministry of defence also reported being infected. The following Windows OS are believed to be vulnerable to conficker worm: Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008/R2. Windows 7 is also likely to have the same vulnerability as well. Windows responded with a patch to close the security hole but many computers in the world are still vulnerable.
April 1, 2009 is the date anticipated by experts that the virus activates itself and no one knows what will happen but it never caused many problems. Even though it did not cause much problem on that date, many experts say that the virus is slowly turning infected PC's into email spam servers and distribute the virus accross the world wide web. It basically makes the infected PC into a botnet, or PC slave under the control of the virus or its makers. Conficker is also evolving over-time. The latest variant of the virus is the Conficker.E that was reported to be infecting PC's on April 8, 2009.

What are the symptoms?
- Account lockout policies being reset automatically
- Certain Windows services such as Updates, Firewalls, BITS, defender, error reporting tools disabled
- Domain Controller responding slowly to client request
- Congestion in LAN
- Microsoft, anti-virus and security related websites becomes inaccesible
- User accounts are locked-out

How to avoid being infected?
- Regularly update from Microsoft to recieve important patch that closes security holes exploited by the worm.
- Install an anit-virus and never disable your firewall
- Employ proper password policy
- Disable Autorun feature on Windows as the worm can also spread in removable drives such as USB flash drives.

More information on the worm can be found on Microsoft website.