
I may be an Apple user but the fact of the matter is most people are on Windows. A lot of my friends and family use Windows and their security means a lot to me, so I have taken an interest in Conficker (AKA Downup, Downadup and Kido).
I know this is a big read for some but please bear with me! This information is super important if you use Windows.
I’ve been watching the development of Conficker for a while now via the news, blogs, and Security Now. If you don’t watch or listen to Security Now, I HIGHLY recommend it! You can download it on the site, subscribe on iTunes, and subscribe on whatever Zune uses LOL! I now feel confident in my research to relay the facts (without the media hype) to you and break down what Conficker REALLY is, what it is doing, how you know you have it, and how to get rid of it. I will try to explain it so most people can understand, even if you are not a technology wizard.
Conficker is a revolutionary worm that has infected tens of millions of Windows PCs. [*Note* It ONLY infects Windows.] A worm is not a virus. A virus is much like a human virus. It needs human interaction to infect your PC, i.e., you must download a client, open an infected email, and so on. A worm, on the other hand, can infect computers through the internet with little to no human interaction by using holes in security.
Conficker is written by someone who fully understands the technology of it and is quite the genius, unlike a lot of worms and viruses, which are written by punk kids looking to get a rise. It also seems as if it is originating from the Ukraine because computers from there are not contracting it. Many people speculate that this is because the creator does not want to agitate the local authorities and knows that law enforcement does not work as well over borders.
There are many ways to get Conficker. The most common way is by not running your Windows updates! It is sooooooo important to run them! I know that it can be a pain, take some time, and may even require a password, but skipping them can cost you your computer. Microsoft will send out patches when a new strain of Conficker is found and usually releases updates on the second Tuesday of every month.
You can also get it by downloading software, movies, and music illegally on a P2P network (LimeWire, Kazaa, and so on) or through BitTorrent.
Another common way is by those sites that say, “We scanned your PC and found 51,839,732 viruses! Click here to download FREE antivirus software!!!” Most of those sites are a gateway to uploading viruses and worms.
Conficker also spreads through computers on a network, which includes Wi-Fi. If you use a public Wi-Fi network, such as Starbucks, and another person with Conficker is on that network, it will spread to your PC. Also, if you do not password protect (WEP and WPA) your Wi-Fi and your neighbors use it, they can give you Conficker.
Conficker also found a hole in Windows security by targeting automatic plug and play. If it is enabled, Conficker uses it to infect your computer while you are completely unaware.
As of right now the purpose of Conficker is not clear. It is most likely sent out for the creator to make some extra bucks. During this time it is collecting data and updating itself.
There are various strains of Conficker infecting computers. When a new strain is released, it updates a certain number of computers, which then turn around and update more computers by sending out information packets on the web.
It also commandeers over 500,000 domain names at random daily, so it is near impossible for the anti-Conficker group to stop it. This has not been seen before in the history of viruses, trojans, and worms. From these domains it can update its P2P network and phone home without leaving a map to the creator.
When you are infected, it sends threads to do different tasks throughout your computer. A thread is a chain of code which creates a command. They each have their own responsibility. One is in control of blocking you from removing it and uploading security software. It also prevents you from utilizing security software sites like McAfee and Norton.
Another thread is in charge of sending out packets to infect other computers. It sends out four packets a second, which is not as fast as other worms, but it is less detectable.
The signs to watch out for are disabled Windows Automatic Update, Windows Security Center, Windows Defender, and Windows Error Reports. Also a sure sign is if you can’t run any security software or utilize their sites.
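The warning signs listed above can be checked from a PowerShell prompt. This is an added example, not part of the original post; the service short names are the standard Windows ones, and the vendor host names and the control name `example.com` are assumptions chosen for illustration.

```powershell
# Added example: read-only check for the warning signs listed above.
# Assumptions: standard Windows service short names; vendor host names are illustrative.
$services = [ordered]@{
    wuauserv  = 'Windows Automatic Update'
    wscsvc    = 'Windows Security Center'
    WinDefend = 'Windows Defender'
    WerSvc    = 'Windows Error Reporting (Vista and later)'
    ERSvc     = 'Error Reporting (Windows XP)'
}

function Test-Resolves([string]$HostName) {
    # True when the name resolves, false when the lookup throws.
    try   { [void][System.Net.Dns]::GetHostAddresses($HostName); return $true }
    catch { return $false }
}

$findings = @()

foreach ($name in $services.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if (-not $svc) { continue }   # service not present on this Windows version
    # A stopped service is normal for some of these (error reporting starts on demand);
    # a Disabled start mode is the sign worth flagging.
    if ($svc.StartMode -eq 'Disabled') {
        $findings += "$($services[$name]) ($name) is disabled"
    }
}

# Compare security-vendor lookups against a control name, so a machine that is
# simply offline is not reported as blocked.
$control = 'example.com'
$vendors = 'www.mcafee.com', 'www.norton.com'
if (Test-Resolves $control) {
    foreach ($site in $vendors) {
        if (-not (Test-Resolves $site)) {
            $findings += "DNS lookup for $site fails while $control resolves"
        }
    }
} else {
    Write-Warning "Control lookup for $control failed; skipping the site check (no network?)"
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed warning signs were found.'
} else {
    $findings | ForEach-Object { Write-Output "WARNING SIGN: $_" }
}
```

A disabled service can also be an administrator's choice or the result of third-party antivirus replacing Windows Defender, so a finding is a reason to run a scan rather than proof of infection.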
Some strains of Conficker create a false sense of security by running fake updates and security software.
The sure way to see if you have Conficker is to run MSRT! All you do is go to the start menu and then “run” and type in “msrt.exe” then do a deep scan. Make sure the date on it is current. If the date isn’t current then you are most likely infected.
If you have contracted Conficker, Microsoft encourages you to remove it with MSRT, which I explained above.
Below is a list of sites I recommend to help you get more educated on how to shield your PC from Conficker and other worms and viruses.
Security Now show notes on Conficker
PC World Article Regarding Conficker protection
I hope this info helps!
♥ Shawnee
Hi, good post. I have been pondering this issue, so thanks for sharing. I’ll definitely be subscribing to your posts.
Super post, Need to mark it on Digg
Rufor
I have been looking around for this kind of information. Will you post some more in future? I’ll be grateful if you will.