Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Protecting Against the Rampant Conficker Worm

Businesses worldwide are under attack from a highly infectious computer worm that has infected almost 9 million PCs.

Businesses worldwide are under attack from a highly infectious computer worm that has infected almost 9 million PCs, according to antivirus company F-Secure.

That number has more than tripled over the last four days alone, says F-Secure, leaping from 2.4 million to 8.9 million infected PCs. Once a machine is infected, the worm can download and install additional malware from attacker-controlled Web sites, according to the company. Since that could mean anything from a password stealer to remote control software, a Conflicker-infected PC is essentially under the complete control of the attackers.

According to the Internet Storm Center, which tracks virus infections and Internet attacks, Conficker can spread in three ways.

First, it attacks a vulnerability in the Microsoft Server service. Computers without the October patch can be remotely attacked and taken over.

Second, Conficker can attempt to guess or 'brute force' Administrator passwords used by local networks and spread through network shares.

And third, the worm infects removable devices and network shares with an autorun file that executes as soon as a USB drive or other infected device is connected to a victim PC.

Conficker and other worms are typically of most concern to businesses that don't regularly update the desktops and servers in their networks. Once one computer in a network is infected, it often has ready access to other vulnerable computers in that network and can spread rapidly.

Home computers, on the other hand, are usually protected by a firewall and are less at risk. However, a home network can suffer as well. For example, a laptop might pick up the worm from a company network and launch attacks at home.

The most critical and obvious protection is to make sure the Microsoft patch is applied. Network administrators can also use a blocklist provided by F-Secure to try and stop the worm's attempts to connect to Web sites.

And finally, you can disable Autorun so that a PC won't suffer automatic attack from an infected USB drive or other removable media when it's connected. The Internet Storm Center links to one method for doing so at http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html, but the instructions involve changing the Windows registry and should only be attempted by administrators or tech experts. Comments under those instructions also list other potential methods for disabling autorun.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: F-Secure, Microsoft
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: f-secure, Microsoft, security, worm
Latest Blog Posts
Whitepapers
  • Realising the benefits of FTP consolidation
    Businesses today are experiencing a growing demand to move high volumes of data both internally and externally. Accordingly, File Transfer Protocol (FTP) servers are proliferating among individual departments and raising traffic levels with customers and suppliers. While vital information is flowing, security threats are also increasing dramatically, some of them malicious in the extreme, and the ad hoc nature of internal expansion means that it has become difficult not only to maintain security but to control necessary cost and quality factors. In response, competitive businesses have identified FTP consolidation as a priority to minimise security risks, reduce costs, and gain better control of their own operations. This white paper explains and explores the opportunity and benefits of FTP consolidation.
    Learn more »
  • Best practices for a Data Warehouse on Oracle Database 11g
    Increasingly companies are recognizing the value of an enterprise data warehouse (EDW). A true EDW provides a single 360-degree view of the business and a powerful platform for a wide spectrum of business intelligence tasks ranging from predictive analysis to near real-time strategic and tactical decision support throughout the organization. Read on.
    Learn more »
  • Best Practices for Energy Efficient Storage Operations Version 1.0
    The energy required to support data center IT operations is becoming a central concern worldwide. For some data centers, additional energy supply is simply not available, either due to finite power generation capacity in certain regions or the inability of the power distribution grid to accommodate more lines. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments

HP and IDG news, product videos and resources