Posted to Ben Finklea's blog on April 1st, 2009

Are You Prepared For The Conficker Worm?

April Fool’s Day is a day for fools and for the foolhardy. This year’s Fool’s Day could make fools of us all, if we are not prepared. Today is the scheduled launch for the Conficker Worm, a nasty little computer virus with the capabilities to bypass your security defenses and wreak havoc on your portal to cyberspace. What exactly it will do, we don’t know yet, but whatever gruesome payload it’s packing is currently activated. It could be turning millions of computers into spam-sending zombies right now, or it could be capturing everything you type - passwords, credit card numbers, etc. - and sending it back to its masters. No matter what happens, it is very important that you are prepared.

The way that the Conficker Worm is designed is extremely clever. Rather than containing a list of specific, static instructions, Conficker uses the web to receive updated orders via an arsenal of websites it creates. It will start by checking 50,000 different semi-randomly-generated sites a day looking for instructions, so there is no known way to shut down all of them. It isn’t completely hopeless, though, because there are a few tools in your box that you can use to protect yourself.
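A machine that checks thousands of semi-randomly-generated sites leaves a trail in DNS logs: many lookups for random-looking names, most of which do not exist. The sketch below is an added example, not part of the original post, and it does not reproduce Conficker's actual algorithm; the log format, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS log (assumed format: date client query-name response-code).
SAMPLE_LOG = """\
2009-04-01 10.0.0.5 www.example.com NOERROR
2009-04-01 10.0.0.5 mail.example.org NOERROR
2009-04-01 10.0.0.5 exmaple-typo.example NXDOMAIN
2009-04-01 10.0.0.23 qzkvhtwpl.example NXDOMAIN
2009-04-01 10.0.0.23 bxjmrwqdnf.example NXDOMAIN
2009-04-01 10.0.0.23 hvtkzpgwys.example NXDOMAIN
2009-04-01 10.0.0.23 ncwqjdlxkr.example NXDOMAIN
2009-04-01 10.0.0.23 pfzmkyhtvb.example NXDOMAIN
2009-04-01 10.0.0.23 www.example.com NOERROR
"""

def label_entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_generated(domain, min_len=8, min_entropy=3.0):
    """Crude heuristic (assumed cutoffs): a long, high-entropy second-level label."""
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return False
    label = parts[-2]
    return len(label) >= min_len and label_entropy(label) >= min_entropy

def suspicious_clients(log_text, min_domains=4):
    """Map (date, client) to its distinct random-looking names that failed to
    resolve, keeping only clients at or above min_domains such names per day."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        date, client, qname, rcode = fields
        if rcode == "NXDOMAIN" and looks_generated(qname):
            seen[(date, client)].add(qname.lower())
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_domains}

if __name__ == "__main__":
    for (date, client), names in suspicious_clients(SAMPLE_LOG).items():
        print(date, client, len(names), "random-looking failed lookups")
```

A single mistyped address, like the one from 10.0.0.5 in the sample, stays below the per-day threshold; only the client with a burst of distinct failures is reported.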

Your first step should be to make sure your computer is fully patched. That means Windows Update needs to be completely updated, along with any current antivirus software you have. This can provide extra protection to make sure that anything that slips through your initial defense can be caught. However, if Conficker is already on your computer, it may bypass all your subsystems, including your updating and antivirus software. To check, try booting into Safe Mode, which Conficker prevents. If you are worried that you may have been wormed, you need a specialized tool to get rid of Conficker.

Surprise! Microsoft offers a web-based scanner, but there have been reports that it crashed some machines. There are other downloadable options: Symantec’s Conficker tool, Trend Micro’s Cleanup Engine, or Malwarebytes. Conficker could prevent your computer from accessing these sites, so it may be necessary to download them from a reliable, non-infected computer.

If you are worried about being infected, it is wise to make a full data backup first thing today, or yesterday. Turning off your computer until tomorrow will not work to protect you from the Conficker Worm, nor will changing the date on your PC have any effect. Yes, Mac users are immune this time around. I feel a commercial coming on...
