christinebarry.com

Conficker Wednesday

  • Written by christine
    Last Updated: April 1, 2009

    Note: This was originally posted as a Workplace Wednesday article at BFM

    Since today is Conficker payload day, I thought I’d talk a little about protecting your business machines from this nasty big bad.

    First, a little bit about what it is.

    Conficker is a piece of malware that is designed to infect Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems. April 1, 2009, is hardcoded as a payload date. This means that the Conficker worm is scheduled to do something on April 1. None of us know what that payload is yet, so we can’t tell you what to expect. It’s possible that Conficker will do nothing at all. It may remain dormant and wait for a time when no one is expecting trouble.

    In case you’re wondering, Conficker is controlled by some nasty humans, somewhere on the other side of the Internet. These humans control what Conficker does by uploading instructions to random sites. Conficker is designed to seek out and follow these instructions.

    What can you do to protect yourself? Use Windows Update to make sure that your machine is fully patched, and make sure your antivirus software is up to date with the latest virus definitions. Run a full virus scan now and make sure that your data is backed up.

    If you’re concerned that your machine might already be infected, try booting into Safe Mode. Conficker is designed to prevent access to Safe Mode, so if you can boot into Safe Mode, you’re probably ok. You can also run one of the following tools:

    * Microsoft online scanner

    * Symantec’s Conficker tool

    * Trend Micro’s cleanup engine

    Conficker infected over 9 million computers in the first week or so of release, by exploiting a vulnerability in the Windows 2000, XP, and Server 2003 operating systems. Microsoft released a patch to fix the vulnerability before the release of Conficker, but the patch wasn’t applied quickly enough to prevent infection. Even 30 days after the release of the update, only about 50% of the targeted systems had been patched.

    So that’s what Conficker is all about. Some universally applicable not-necessarily-Conficker lessons from this:

    1. There are some Windows updates that should be applied as soon as possible
    2. Antivirus software should always be kept up to date
    3. Do NOT pick up a USB drive in a parking lot and put it in your machine!
    4. Disable the autorun feature on your PC, even if you are good and follow rule #3
    5. Back up your data!
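
    For lesson 4, a read-only check of whether AutoRun is actually disabled on a machine. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later and the standard Windows policy value NoDriveTypeAutoRun, which the post does not name.

    ```powershell
    # Added example: audit the AutoRun policy. Reads the registry only; changes nothing.
    # NoDriveTypeAutoRun is a bitmask: a set bit DISABLES AutoRun for that drive type.
    $driveTypes = [ordered]@{
        'Unknown'            = 0x01
        'Removable (USB)'    = 0x04   # the parking-lot drive from lesson 3
        'Fixed'              = 0x08
        'Network'            = 0x10
        'CD-ROM'             = 0x20
        'RAM disk'           = 0x40
        'Unknown (reserved)' = 0x80
    }

    # The policy can be set per machine (HKLM) or per user (HKCU); check both.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )

    function Get-AutoRunStatus {
        # Decode one bitmask into a row per drive type.
        param([int]$Mask)
        foreach ($name in $driveTypes.Keys) {
            [pscustomobject]@{
                DriveType = $name
                AutoRun   = if ($Mask -band $driveTypes[$name]) { 'disabled' } else { 'ENABLED' }
            }
        }
    }

    foreach ($key in $policyKeys) {
        $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            Write-Output "$key : NoDriveTypeAutoRun is not set (the Windows default applies)"
            continue
        }
        $mask   = [int]$prop.NoDriveTypeAutoRun
        $status = Get-AutoRunStatus -Mask $mask
        Write-Output ("{0} : NoDriveTypeAutoRun = 0x{1:X2}" -f $key, $mask)
        $status | Format-Table -AutoSize
        $open = @($status | Where-Object { $_.AutoRun -eq 'ENABLED' })
        if ($open.Count -gt 0) {
            Write-Warning ("AutoRun still enabled for: " + ($open.DriveType -join ', '))
        }
    }
    ```

    A value of 0xFF means AutoRun is disabled for every drive type.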

    If you’re on a business network, then you probably have a network admin who has already taken care of business for you. If you’re running business machines at home, or in a small business where you just call your tech in as needed, you should take a look at your systems and make sure you have all possible protections in place.

    (for kicks - click here for a slideshow of the 10 worst moments in network security history)
