Will your PC be safe on April 1 2009 Conficker C is all set to strike back on April 1. Here’s all about this virus/ Worm : what it does, how it spreads, symptoms that you have been hit and also how to escape it.
How to avoid conficker virus Source : Indiatimes Infotech & Agencies Computer users beware, security experts have warned that the deadly Internet worm Conficker C is all set to strike back on April 1. According to Graham Cluley of security firm Sophos, Conficker C is programmed "to hunt for new instructions on April 1". In January, the virus had infected more than nine million computers worldwide and was spreading at a rate of one million machines daily. Here’s all about this virus: what it does, how it spreads, symptoms that you have been hit and also how to escape it.
The malicious software had yet to do any noticeable damage, prompting debate as to whether it is impotent, waiting to detonate, or a test run by cybercriminals intent on profiting from the weakness in the future. "This is enormous; possibly the biggest virus we have ever seen," said software security specialist David Perry of Trend Micro. "I think the bad guys are field testing a new technology. If Conficker proves to work well, they could go out and sell malware to people. There is a huge market for selling criminal malware." One of the biggest virus
According to security experts, Conficker's most intriguing aspect is its multipronged attack strategy: It can spread three different ways. One is a vulnerability in Windows that Microsoft patched almost six months ago. The bug, which is in a file-sharing service that's included in all versions of the operating system, can be exploited remotely just by sending a malformed data packet to an unpatched PC. Two, the worm can spread by password attacks, and third by copying itself to any removable USB-based devices such as flash drives and cameras. Anti-virus experts have warned that the worm can be easily spread between unprotected computers through the use of removable drives, such as USB sticks. How it spreads
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx Microsoft's advisory about Conficker lists several symptoms of infection, including these: * Account lockout policies are being tripped. * Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled. * Domain controllers respond slowly to client requests. * The network is congested. * Various security-related Web sites cannot be accessed. In case your PC is showing any of these symptoms Microsoft recommends that you immediately use the MSRT to clean the machine. Users can download MSRT from Microsoft's site, or follow the instructions posted at its support site . How to know that my PC has been hit?
Once in a computer it digs deep, setting up defenses that make it hard to extract. The worm leaves the computer vulnerable to further exploitation by hackers and spammers, who are able to remotely download more malicious programs onto the computer, or even use the worm to help install software that will enable them to track and steal security information, such as banking logins or credit card information. Malware could also be triggered to turn control of infected computers over to hackers amassing "zombie" machines into "botnet " armies. "Here we are with a big, big outbreak and they keep revamping their methodology to increase the size of it," Perry said. "They could be growing this huge botnet to slice it up and sell it on the criminal market." How damaging it is?
A troubling aspect of Conficker is that it harnesses computing power of a botnet to crack passwords. Repeated "guesses" at passwords by a botnet have caused some computer users to be locked out of files or machines that automatically disable access after certain numbers of failed tries. " Conficker uses brute force from the infected network of botnets to break the password of the machine being attacked," Perry said. "That is something never seen before and I find it disturbing." Cracks passwords
According to Microsoft, unpatched Windows 2000, Windows XP and Windows Server 2003 machines are at the greatest risk. There are also reports from security companies, which highlight the danger to PCs running Windows XP Service Pack 2 and XP Service Pack3. Incidentally, these versions account for the bulk of Windows' market share. Unpatched Windows Vista and Server 2008 systems are less likely to fall victim to these attack, since hackers need to authenticate access to the computer, in other words know the log-in username and password. Most vulnerable machines
Microsoft advises people to stay current on anti-virus tools and Windows updates, and to protect computers and files with strong passwords. Microsoft issued a new series of security patches to try and help computer users defend their machines against the worm. Security experts urge people to harden passwords by mixing in numbers, punctuation marks, and upper-case letters. Doing so makes it millions of times harder for passwords to be deduced. "This is necessary in a world where malware hacks passwords ," Perry said. " Go get a notebook, keep it next to your computer and record your password in it. No hacker in the world can hack the written page locked away in your office." How to escape the worm
'Solution promised' As antivirus companies worldwide scramble to erect defences against the Conficker C worm, an Indian company has successfully found a way to beat the computer worm. MicroWorld Technologies' security solution claims to not only detect, but also eliminate Conficker C and block any further attempts by the worm to reinstall itself on the system. Govind Rammurthy, CEO & MD, MicroWorld Technologies said, "A three-pronged strategy is needed to tackle Conficker C an updated antivirus software, firewall protection on each and every computer in the network and the latest Microsoft patches."
MicroWorld's recently launched eScan version 10 software also incorporates daily updates against the Conficker virus, which the company built after buyers of previous versions complained of Conficker attacks. " Most companies don’t treat antivirus updates seriously. That, and having a common firewall for the entire network, leaves them vulnerable to attacks," Rammurthy says. Because the Conficker worm downloads fresh versions of itself on an hourly basis, eScan 10 is updated 8-9 times daily. It also provides each computer with its own firewall, thus screening every software that seeks access to the computer and automatically downloads key patches released by Microsoft.