In response to growing concerns from the public and the media about the possible threat that may be unleashed by the Conficker worm on April 1st, McAfee offers some simple guidelines for consumers and businesses to ensure they are fully protected.
Conficker first surfaced late last year, taking advantage of a security flaw in Microsoft's Windows operating system to spread itself. Microsoft provided an emergency fix for the vulnerability last October with Security Update MS08-067. However, because many systems were not patched or properly protected with security software, Conficker has slithered onto as many as 12 million Windows computers, according to some estimates.
Some experts believed that one variant of the worm, Conficker.C, might activate on April 1 and start another assault on Windows computers. Computers infected with Conficker become part of an army of compromised computers and could be used to launch attacks on Web sites, distribute spam, host phishing Web sites or carry out other criminal activities. Additionally, once it is on a computer, Conficker digs itself in by attempting to deactivate security software and sabotage the tools that could remove it.
"One of the symptoms of this worm is that it blocks access to Web sites of Internet security companies," says Dave Marcus, of McAfee Avert Labs.
As Conficker blocks popular security Web sites, users should search for "stinger virus removal" on the Internet. Alternatively, users may transport the Stinger tool via a USB stick from an uninfected computer.
McAfee has released a free tool that will help assess multiple computers for the presence of Conficker. This new tool, termed ConTest, may be downloaded at no charge at http://www.mcafee.com/us/enterprise/confickertest.html.
Anti-malware solutions will clean the infection and use behavioral detection techniques like buffer overflow protection to prevent future infections. This is important because Conficker can propagate via portable media such as an infected USB drive. As the drive is accessed, the system processes autorun.inf and executes the attack. And finally, ensure all computers have Microsoft Security Update MS08-067 installed.
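
To make the autorun.inf point concrete, the following added example (not McAfee's code and not part of the original advisory) audits a drive's autorun.inf and reports the `[autorun]` entries that would launch a program when the drive is accessed. The function names, the sample file and the file names inside it are constructed for illustration, and the parser tolerates non-text bytes on the assumption that such a file may be padded with junk.

```python
import os
import re

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = ("open", "shellexecute")
# Context-menu verbs such as shell\open\command= also launch a program.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")

def audit_autorun(raw: bytes):
    """Return (key, command) pairs from [autorun] that would start a program."""
    text = raw.decode("latin-1")  # never fails, so junk bytes cannot abort the scan
    findings, section = [], None
    for line in re.split(r"[\r\n]+", text):
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.match(r"^\[(.+?)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and junk lines carry no launch directive
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            findings.append((key, value.strip()))
    return findings

def scan_root(root: str):
    """Audit the autorun.inf (any letter case) in a drive's root directory."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                return audit_autorun(fh.read())
    return []

# Constructed sample: harmless placeholder names, with one junk line mixed in.
SAMPLE = (
    b"; constructed sample\r\n"
    b"open=ignored-outside-section.exe\r\n"
    b"[AutoRun]\r\n"
    b"icon=folder.ico\r\n"
    b"\x8f\x02junk\xff\r\n"
    b"shellexecute=placeholder.exe\r\n"
    b"shell\\open\\command=setup.exe\r\n"
    b"[Content]\r\nMusicFiles=false\r\n"
)

if __name__ == "__main__":
    for key, command in audit_autorun(SAMPLE):
        print(f"launch directive: {key} -> {command}")
```

Any finding on removable media that is not known installer media is worth a closer look before the drive is opened on another machine.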