The Conficker virus stole headlines at the end of March 2009 as a dynamic and unique threat to the Internet. Because the Internet continued to function after the supposed payload date of April 1, the media has been silent on it since April 2.
However, this does not mean the threat disappeared. On the contrary, according to the Conficker Working Group, 350,073,303 infections have been tracked to date. These infected systems are used to send spam and to distribute fake anti-spyware applications known as scareware. Like most things, the motive comes down to money—money earned by the virus authors through spamming and selling malicious software to unwitting users.
In order to understand how it works and why it created such a furor, check out some good sources for reliable information about how the virus works:
There are also several testing and remediation resources out there, but be wary of over-enthusiastic, no-name vendors fueling infection panic and pushing a free removal tool. Research vendors before downloading any software. In fact, to be on the safe side, use tools recommended by the Conficker Working Group.
Conficker infections have not stopped even though headlines have slowed down to a trickle. Keep up to date on this ever-changing security threat.
Having only worked on the Fandotech team for a few months, I see a lot of users catching malware or viruses which could have been avoided entirely. It’s unfortunate, especially when you see the same users come back with the same problems. Whether these problems come from opening email attachments from unknown sources (a common problem that can easily be defeated by user education) or from malicious JavaScript running automatically when browsing to a web page (defeated mostly by just paying attention to what you’re doing), they can be quite serious and can cause a lot of frustration and downtime. Frequently, the quickest and easiest way to clean an infected computer is to completely format the hard drive and reinstall Windows. Any IT professional will try to save important documents before doing so, but in this field there aren’t any guarantees.
So, without any guarantees, there is no way to ensure complete and total security. The best method might be abstinence, which in this case translates to completely unplugging from the internet. But that’s hardly feasible in any sort of environment, since the Internet has become such an integral part of society. So here are a few steps to help ensure a moderate amount of security, both at home and in your place of business:
- Always work behind a router. A router is a device that allows multiple computers to use an internet connection (and share files with one another, among other things). If you’re in a business, this is pretty much a guarantee. At home, not necessarily. Routers are very, very common in households these days, especially since wireless connections have become so huge. However, they don’t exist everywhere. A lot of people may have the misconception that a router isn’t necessary if they only have one computer that needs internet access. This just is not true. Basically, when you sign up for internet access, you get assigned a public IP address (think of it as your home address: it’s how information finds your computer). This is an IP address that is routable from the internet, and is not something you want your computer to have. It is a better security practice to purchase a router. That way, the router will have the public IP address and will give your computer a private IP address. This is good practice even if you have a software firewall, even if the ISP tells you otherwise.
- Pay attention to what you’re doing. This is a lot more difficult than it sounds—many people don’t quite have this method ingrained into their behavior. They’re simply not used to having to pay attention to every link they click. Many times there are website URLs that look legit, but are actually a slight misspelling of a real URL. Sometimes, you can have a malicious email sent from someone you know and trust. It’s difficult to defend against such things, so just try and pay attention. Work on modifying your behavior if you need to. If you get an email from someone close to you that doesn’t seem to have the right language/tone that you’re used to seeing, email them back before clicking any links or downloading any attachments it contains (this method is how my wife avoided getting a virus from me many years ago: she knew the message in the email was not something I had written).
- Make use of anti-virus software. This is #3 on the list because it is absolutely useless if you don’t do #2. If you click a link or open an attachment, there is a good chance it will not be tagged by any anti-virus software. However, anti-virus software can detect viruses—but it’s not fool-proof. Viruses change and morph constantly, and each time they change, the anti-virus software you use needs to be updated, otherwise it is useless against new threats. Most programs do this for you automatically, but it’s wise to check and make sure it’s being regularly updated nonetheless. There are many who can argue the merits of which program is the best, but something is better than nothing. AVG and Avast! are free anti-virus programs you can use, and some ISPs offer free software for their subscribers (for instance, Comcast offers free McAfee subscriptions). In this day and age, there is no excuse not to have some sort of anti-virus software helping to protect your computer. It is also worth noting that Windows does not currently have any sort of built-in anti-virus software. The reason I mention this is because one of the more nasty rogue programs out there tricks users into thinking their machine has a virus, and tells them that Windows Antivirus 2008/2009/etc. has detected threats and must be purchased in order to protect your computer. This is not a legitimate program and will do nothing to protect you against attacks. If you see a program like this, you’ve already got a virus on your system, because it is the virus.

- Make use of anti-spyware software. I was going to combine this with #3, but I think it should have its own place on the list. Viruses and spyware are different, and best approached using different programs. A program that you choose to install on your computer could contain spyware, and it wouldn’t necessarily classify as a virus since you choose to install it. Windows has an anti-spyware program called Windows Defender, which you can get for free. There are also plenty of free third-party solutions, such as Spybot, Malwarebytes, and Ad-Aware.
- Try an alternative browser. Every PC that ships with Windows ships with Internet Explorer as the only browser installed, and therefore it is the most widely used of them all. I’d venture to guess that most end-users don’t even know what a browser is (I have many times heard Internet Explorer referred to as “The Internet”). Since IE is the most widely used, it is therefore the most vulnerable. I won’t even begin discussing the security holes or which browser is the most secure based on its coding—in my eyes IE is the least secure because it is the most widely used, therefore the most targeted for attacks. There are other solutions, such as Mozilla Firefox, Google Chrome, and Opera (to name a few) which have only a fraction of the market share, and therefore are less likely to be compromised. None of them guarantee you security, but it only makes sense that the majority of malicious software written will try and hit the most users.
Those are just a few of the basic steps any end-user can take to help make them a bit more secure. Any of these are helpful to practice on a regular basis, but the best approach is the combination of some or all of them. As I said before, there is no single way to make you completely secure—merely several things that can add to your level of security. As I said at the beginning of this article: I’ve seen many occasions where the only feasible way to clean malicious software from a computer is to completely delete everything on it and start over. If your information is important to you, make a small effort to protect it.
Corey Slack