Thursday, April 16, 2009

Confidence in the Face of Conficker

Conficker is a worm, that is to say a self-replicating computer program. It uses a network, any network, including the biggest one of all, the Internet, to send copies of itself to other computers on that network, and it may do so without any outside help, i.e. without you or me clicking on anything, intentionally or unintentionally. It differs from a virus in that it does not need to attach itself to an existing program. Are worms dangerous? Yes and no. They almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on the targeted computer. The Conficker worm is also known as win32 Conficker, Win32 Downup, ConfickerA, Net Worm Kido and possibly by other names as well. It appears to do a variety of things that are most often of nuisance value. However, it's early days yet, and the bad news is that there could be more surprises down the line.

We do know these things:

  • SpywareProtect2009: Reports are identifying SpywareProtect2009 as another of the specific scareware tactics being used after Conficker's latest update. The victim receives a warning and is prompted to purchase the removal tool at $49.99. When you do, the download streams in from Ukraine and compounds the problem. Do not under any circumstances follow instructions from one of these prompts.
  • Microsoft has purportedly put a bounty on the head of its creator, to the tune of $250,000.00.
  • The Department of Homeland Security has also, I believe, issued a removal tool for its federal, local, and state governments and commercial vendors.
  • High Infection Rate Already: I have also read that this worm has already infected between 9 million and 15 million systems.
  • Known Actions: It saves a copy of its .dll (dynamic link library) files randomly in the Windows System folder, and these then load each time you boot Windows.
  • Potential Harm: Once entrenched it can potentially disable system devices, reset and remove restore points, and stop automatic updates. This is in addition to stopping Windows security, Windows Defender (Microsoft's antispyware utility) and Error Reporting. This worm possesses the latest technology to help spread its destruction and avoid detection and removal.

Systems that are affected are: Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008 (beta through RC), Windows 7 beta and all the beta versions.

Steps To Avoid Harm

  1. Update all Definitions: Ensure all your antivirus and antispyware programmes are kept updated.
  2. Windows Updates: Ensure Windows is up-to-date with the latest patches. If unsure, visit www.microsoft.com.
  3. Configure Windows Auto-Update: Make sure Windows is configured to automatically download and install all updates.
  4. Microsoft Malicious Software Removal Tool: Download, install and run Microsoft's Malicious Software Removal Tool, keep it updated and run it at random intervals.
  5. Strong Passwords: Use strong password protection. I'll post an article on strong passwords shortly.
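As an added example (not part of the original post), the following read-only PowerShell check verifies the defences this post says Conficker switches off, and that steps 2 and 3 above are actually in place: the Automatic Updates, Windows Defender, Security Center and Error Reporting services, the Automatic Updates registry setting, and the presence of System Restore points. The service names and the AUOptions registry value are standard Windows identifiers; which of them should be running on a given machine is an assumption you may need to adjust.

```powershell
# Added example: baseline check of the protections Conficker is reported to
# disable. Read-only; it changes nothing. Run in an elevated PowerShell.

# Services the post says the worm stops. WerSvc is the Vista-and-later name
# for Error Reporting, ERSvc the Windows XP / Server 2003 name.
$services = @(
    @{ Name = 'wuauserv';  Label = 'Automatic Updates' },
    @{ Name = 'BITS';      Label = 'Background Intelligent Transfer (used by Windows Update)' },
    @{ Name = 'WinDefend'; Label = 'Windows Defender' },
    @{ Name = 'wscsvc';    Label = 'Security Center' },
    @{ Name = 'WerSvc';    Label = 'Windows Error Reporting (Vista and later)' },
    @{ Name = 'ERSvc';     Label = 'Error Reporting (Windows XP / Server 2003)' }
)

$findings = @()

foreach ($s in $services) {
    $svc = Get-Service -Name $s.Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { continue }          # service does not exist on this Windows version
    if ($svc.Status -ne 'Running') {
        $findings += "$($s.Label) ($($s.Name)) is $($svc.Status)"
    }
}

# Automatic Updates configuration (step 3 of the post). AUOptions 4 means
# "download and install automatically"; NoAutoUpdate 1 means switched off.
$auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
if ($null -eq $au -or $au.NoAutoUpdate -eq 1) {
    $findings += 'Automatic Updates is disabled'
} elseif ($null -eq $au.AUOptions) {
    $findings += 'Automatic Updates setting (AUOptions) not found; check Control Panel'
} elseif ($au.AUOptions -ne 4) {
    $findings += "Automatic Updates is not set to download and install (AUOptions = $($au.AUOptions))"
}

# Restore points: the post notes the worm can reset and remove them.
# Get-ComputerRestorePoint exists only on client editions, hence the try/catch.
$restoreChecked = $true
try   { $restorePoints = @(Get-ComputerRestorePoint -ErrorAction Stop) }
catch { $restoreChecked = $false }
if ($restoreChecked -and $restorePoints.Count -eq 0) {
    $findings += 'No System Restore points are present'
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: updates, Defender, Error Reporting and restore points look intact'
} else {
    Write-Output 'Review the following (each matches behaviour described for Conficker):'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

A finding here is not proof of infection, only a reason to run the updated antivirus scan and the Malicious Software Removal Tool from steps 1 and 4.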