If you haven’t heard of the Conficker worm, it is the next big one that’s being talked about after the Sasser worm from a few years back.
What is Conficker?
The Conficker worm has been circulating on the Internet since October/November of 2008, and new variants have kept appearing, some as recently as February.
The disturbing thing about the Conficker worm is that its intentions at this point are completely unclear. The worm infects computers around the world and then just sleeps until April 1 2009. Tomorrow.
April Fool’s Day trick? Security Analysts don’t think so.
Tomorrow all the Conficker-infected computers, millions and millions of them, will awaken and start scanning the Internet for instructions.
Should you be worried?
Well, it depends. You can find out relatively easily if your computer has been infected. If you have Microsoft Windows updates installed automatically or as soon as they are released, you are relatively safe. But new variants might have slipped in.
Computers infected with the Conficker worm show certain symptoms, like:
- You can’t access security related domains like antivir, ca, conficker, f-secure, norton, etc.
- You can’t download the Microsoft patch to fix this vulnerability
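The first symptom can be checked from a script: if ordinary names resolve but security-related ones do not, something on the machine is blocking them selectively. This is an added example, not code from any of the tools linked in this post; the hostnames in both lists are sample choices made for the example.

```python
import socket

# Sample hostnames chosen for this example (assumptions, not a list from the post).
# SECURITY_HOSTS are names of the kind the post says infected machines cannot reach.
SECURITY_HOSTS = ["www.f-secure.com", "www.norton.com", "www.microsoft.com"]
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org"]


def system_resolver(host):
    """Return True if the operating system can resolve host."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def check_symptom(resolver=system_resolver,
                  security_hosts=SECURITY_HOSTS, control_hosts=CONTROL_HOSTS):
    """Classify name-resolution behaviour and list the blocked security names."""
    blocked = [h for h in security_hosts if not resolver(h)]
    controls_ok = [h for h in control_hosts if resolver(h)]
    if not controls_ok:
        # Nothing resolves at all: a network or DNS outage, not a symptom.
        verdict = "inconclusive"
    elif blocked:
        # Ordinary names resolve but security names do not: selective blocking.
        verdict = "suspicious"
    else:
        verdict = "no-symptom"
    return verdict, blocked


if __name__ == "__main__":
    # Constructed resolver imitating an infected machine, so the demo runs offline.
    def fake_infected(host):
        return host in CONTROL_HOSTS

    print("simulated infected host:", check_symptom(fake_infected))
    # For a live check on the local machine, call check_symptom() with no arguments.
```

A "suspicious" result can also come from a filtering proxy or an edited hosts file, and "no-symptom" does not prove the machine is clean, so use the result to decide whether to run a removal tool rather than as a final answer.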
How to Remove Conficker?
If you suspect Conficker infection in your computer, you can try one of these methods to remove it.
- Install Windows Patch – Install this patch released in Oct ’08 if you don’t already have it. (If your computer can’t access the Microsoft domain, use another clean computer to download the patch to a USB drive.) You can also use a Firefox add-on like Show IP and try to go directly to the site with the IP instead of the domain name.
- Use a Conficker Removal Tool – Use one of the following tools to remove it. Again, if you can’t access the site domains, try using the IP address or download the tool from another clean computer.
More Conficker Resources
If you would like to read some more good resources on Conficker, here are a few really good ones I came across this morning:
- How to stop Conficker in its Tracks immediately – Daily Cup of Tech (make sure to see his part about hosts file update to block the worm from downloading instructions)
- 7 Resources to Help You Prepare for Conficker’s D-Day – Read Write Web
- McAfee’s Stinger – Conficker Removal Tool – Killer Tech Tips
My $0.02
In spite of all the commotion and some fear mongering by media outlets, this could turn out to be a not so big deal.
Considering how easy it is to remove and address, it is more of an issue for computers running illegal Microsoft copies that don’t update with the current patches.
The best we can do is to keep our computers updated, take the necessary precautions and watch what happens tomorrow.
The most recent variant of this worm is set to scan almost half a million domain names to get instructions. This is a ploy to prevent security experts from neutralizing the problem domains, but again, it could even take weeks for a lot of computers to start talking the worm code.
Is this going to be an April Fool’s joke or Conficker D-Day as some predict? We’ll see.
Thanks a lot for the information and how to remove the Conficker.
But it’s still kinda hard to remove it.
It appears like nothing really bad has happened so far. And that’s great. 😀
Thanks for linking to my post, btw.
hi K,
I just read an article on it that says it blocks access to microsoft.com, so if you can go there, you (probably) don’t have it. That was the first thing I tried, and it looks like I’m ok. I also have AVG and malwarebytes, both of which I recommend. I do hope this is being over-hyped. 🙂 Steve
Thanks for sharing the information about how to remove the Conficker. I had the worm once and had to remake my complete PC. If I had had your topic then, it perhaps could have saved my PC.
Actually, Nmap has a feature to detect Conficker-infected PCs.