Posted by: GuyPardon
Anti-Virus, April Fools Day, Conficker, Denial-of-service attack, Information security, intrusion defense, malware, Microsoft, Microsoft Windows, Security, security policy, Windows Malicious Software Removal Tool
Leslie Stahl’s segment on 60 Minutes on the danger of the Conficker worm releasing a massive DDoS attack or other malicious action on April 1 has received widespread attention in the public eye and expressions of doubt from around the blogosphere, particularly in the security community. If you missed Stahl’s segment, there is an excellent demonstration of a hacker compromising and then mirroring her system, along with a discussion of the dangers that a global infection could pose. You can watch the “Is the Internet Infected?” 60 Minutes segment at CBSNews.com.
When asked this morning about the likelihood of the Conficker worm setting off a nasty surprise , SearchSecurity.com’s Rob Westervelt noted both the lack of sourcing for the story and the FUD that has surrounded the worm in the media. Citing both and independent security experts, Westervelt suggested that patched, protected systems should have nothing to worry about on Wednesday. Robert McMillan of PC World, for instance, feels that fears of a Conficker meltdown are greatly exaggerated.
What can be done, if you are still worried? Eric Ogren wrote at SearchSecurity.com that the Microsoft Conficker worm offers attack prevention lesson and suggested the standard response to Web security threats: Run AV software and update patches. Microsoft has also provided a resource page for IT administrators, “Help Protect Windows from Conficker.”
Michael Horowitz, over at Computerworld, recommended the following steps to combat the Conficker worm:
- disabling Autorun for protection from infected USB drives
- using the free Windows Malicious Software Removal Tool from Microsoft to scan your PC
- using OpenDNS to prevent the worm from communicating
- employing DropMyRights to run software in restricted mode, protecting Windows XP user
- trying antivirus program AntiVir from Avira or Malwarebytes’ Anti-Malware.
Good luck out there. If concerns over the Conficker infection prove justified, it could be an ugly week in the IT world.
UPDATE: Westervelt also reported that the Conficker flaw has yielded a new tool for detection.
“Security researchers have developed a new tool that can scan the company network and remotely detect machines infected with the Conficker worm.
A proof-of-concept scanner was released by the Honeynet Project, a nonprofit security research organization. The tool is also being made available on many network scanning vendor tools: Tenable (Nessus), McAfee/Foundstone, Nmap, nCircle and Qualys.”
You can download the Honeynet Project’s scanning tool from Honeynet.org.