Wednesday, April 01, 2009

Conficker Virus Alert in plezWorld

Just in time for April Fools' Day... a computer virus to shut down your computer network. But by many accounts, you can protect your computer from this virus scare.

Before anything, you have to find out whether your computer is infected. The fastest and surest way to check is to clear your browser cache and then attempt to visit any major security software publisher's website (Norton, McAfee, ESET). If you can get through to any of these sites, you are fine, because the Conficker virus blocks access to them.

If you're running an up-to-date virus scanner, it's unlikely you'll get infected unless you've configured your computer to not receive automatic Windows updates. It is anticipated that this virus attack will not be as bad as some had planned.

In the unlikely event you are infected, follow these instructions that I lifted from a cnet article:

Download one of several free Conficker-specific removal tools: McAfee's Stinger, Eset's Win32/Conficker Worm Removal Tool, Symantec's W32.Downadup Removal Tool, and Sophos' Conficker Cleanup Tool.

If none of these programs work for you, Avira also offers Conficker-specific instructions on how to use their rescue CD to fix your computer. This requires a secondary computer so you can create the CD, if you haven't done so prior to infection.

It is strongly recommended that if you're infected and you have the luxury of a second machine, disconnect the infected computer from the Internet and install any repair programs or other fixes via CD or USB key.

One of the most common infection vectors for Conficker and its ilk is the Windows AutoRun feature. Eset claims that one out of every 15 threats they detected in 2008 used autorun.inf. Unfortunately, disabling it is not as simple as you may think, because even when disabled through conventional means it still parses most of the autorun.inf file, instead of not reading it at all.

To disable it completely, users will need to copy the text below into Notepad. It should be one line from the left bracket to the final quotation mark.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Save it as something memorable, such as StopAutoRun.REG. Double-click on the saved file, and you close the AutoRun loophole. You also won't be able to automatically play DVDs just by putting them in the disc drive, but that seems a reasonable price to pay for slamming the door on this gaping security flaw.

Once you've gotten your computer clean and killed off the AutoRun feature, there's still more to do. These changes, however, are behavioral. Stay on top of Windows security updates from Microsoft, do not under any circumstances click on any Web-based "free virus scan" offers, and make sure you're not only running a reputable security suite, but that it's configured for daily virus definition file updates.
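To confirm that the AutoRun change actually took effect after double-clicking the .REG file, you can read the key's default value back. This is an added example, not part of the cnet instructions: the function name Test-AutorunInfOverride is made up for illustration, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: read back the override written by StopAutoRun.REG.
$SubKey   = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$Expected = '@SYS:DoesNotExist'

function Test-AutorunInfOverride {   # hypothetical helper name
    param(
        [Microsoft.Win32.RegistryView]$View = [Microsoft.Win32.RegistryView]::Default
    )
    $status = $null
    $value  = $null
    $hive = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $hive.OpenSubKey($SubKey)      # read-only open; $null if the key is absent
        if ($null -eq $key) {
            $status = 'KeyMissing'
        } else {
            try     { $value = $key.GetValue('') }   # '' selects the key's (Default) value
            finally { $key.Close() }
            if     ($null -eq $value)      { $status = 'DefaultValueNotSet' }
            elseif ($value -ceq $Expected) { $status = 'OverrideInPlace' }
            else                           { $status = 'UnexpectedValue' }
        }
    } finally {
        $hive.Close()
    }
    [pscustomobject]@{ View = $View; Status = $status; Value = $value }
}

# On 64-bit Windows, 32-bit programs may see a separate copy of HKLM\SOFTWARE,
# so report on both registry views.
$results = foreach ($v in 'Registry64', 'Registry32') {
    Test-AutorunInfOverride -View $v
}
$results | Format-Table -AutoSize

if (@($results | Where-Object { $_.Status -ne 'OverrideInPlace' }).Count -gt 0) {
    Write-Warning 'The Autorun.inf override is not set in every registry view.'
}
```

A status of KeyMissing or DefaultValueNotSet means the import did not write the value, so recheck the saved file against the three lines above and import it again from an administrator account.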

~ ~ ~

plez sez: some people have too much time on their hands. can this be a by-product of a down economy? i wonder if conficker is the brainchild of a group of out-of-work computer programmers whose jobs were shipped overseas?!?

~ ~ Citations ~ ~

Read the Microsoft article about Win32/Conficker.B worm and its removal.

Read the New York Times article about Conficker virus.

Read the article about the Conficker worm.

Read the article about April Fools' computer virus.

~ ~ ~ ~ ~ ~
