On Wednesday, April 1, the latest variant of the Conficker (also known as Downadup and Kido) work will download new instructions. The sophistication of this worm and its botnet have many concerned, although the amount of legitimate concern is a matter of debate.
If you're concerned, then here are the 7 most important things to know about Conficker:
1. The overwhelming majority of systems infected with Conficker were infected through a vulnerability in the Windows RPC facilities. This vulnerability was patched in October. If you installed that patch before Conficker came out (late December '08) then you were protected and still are. If you haven't installed the update then it's essential that you do so. Windows Vista is technically vulnerable in this way, but the exploit is almost impossible to execute on it. Conficker is basically an XP problem.
2. Conficker can also spread through network shares, including those that have weak passwords; the worm executes a "dictionary attack" in which a list of common passwords (think "password", "asdf", etc) are used to gain access to the share. So if you find new executables on such drives they may be infected. Treat them as you would a program that got e-mailed to you unsolicited, and we hope that means you'll avoid it and report it to a network admin if you have one. A good anti-malware program will detect it at this stage.
No comments:
Post a Comment