Worried About Wednesday’s Conficker Update? Here’s Help!

Small business owners don’t always take the time to keep their computers as updated as they should, and if you’ve ever lost data, you know the trauma it can cause in your business. Here’s information from a LinkedIn friend, James O’Connor, to help keep your computer system safe:

Unless you’re living in a cave, by now you’ve heard that a worm known as Conficker (or Downadup, or Kido) has infested computer systems around the world, and that it will do something April 1st, though nobody knows exactly what. How can you be sure your computer doesn’t become a casualty? Here are eight action items—things you can do yourself to weather the potential storm.

Double-check Windows Update
The worm weasels into computer systems through a Windows vulnerability that was patched last October, and once in place it interferes with the Windows Update system, to protect itself. So, verify that your system is up to date. XP users should launch Internet Explorer (no other browser will do), visit http://www.windowsupdate.com, and click the “Review your update history” link. Vista users should launch Windows Update from the Start menu and click the “View update history” link. In particular, you want to see KB958644 in the list—that’s Conficker’s entry point. If your latest update is any older than March 2009, that’s not good. Go back to the main Windows Update page and install all critical and security updates.

Turn Off AutoRun
Sure, it’s convenient that CDs and DVDs automatically launch their programs when you put them in. You may even be happy to see the window that asks what you want to do when you insert a USB key. But Conficker and other worms subvert this handy feature to spread their infestation. Use a Conficker-tainted USB key to share pictures or music with a friend, and you’re sharing the malware, too. The feature’s convenience just isn’t worth that risk. Here are instructions to turn off AutoRun.

Update Your Protection
It goes without saying that you should always keep your security software and malware definitions up to date. Don’t just rely on automatic updates, as the worm has been known to interfere with these. Dig into your security software and manually launch an update, then watch to make sure it completes the process successfully. Now launch a full system scan.

Get a Second Opinion
Your security software can probably handle the Conficker worm, but why take a risk? Visit the Conficker Working Group’s Repair Tools page to find the latest collection of threat-specific cleanup tools. At present, this page links to tools from AhnLab, ESET, Kaspersky, F-Secure Malware Removal Tool, McAfee, Microsoft, Sophos, Symantec, and TrendMicro. Run one or more of these to verify that your system is clean.

Check Your Servers
Conficker also attacks network shares using what’s called a dictionary attack. It tries to gain Administrator access using a bunch of common passwords and often lucks out. If you’re responsible for a network, whether it’s an office or home network, check all of the network shares and make sure they’re protected with a strong password. While you’re at it, check the root folder of each drive for the presence of an AUTORUN.INF file or any unrecognized software—these are clues that Conficker is already in residence.

Back Up, Back Up, Back Up
Conficker isn’t the only possible threat to your important data: Your computer could fail; thugs could steal it; a car might drive through your office wall and flatten it. If you have a backup system in place, make sure that it’s operational and that you have a recent full backup. If not, get yourself a high-capacity USB drive and copy all your most essential files onto it. (After making sure you’ve disabled AutoRun as described above, of course.)

James O’Connor
Managed Services
Phone 800-474-7397 ext 159
Local: 760-827-5100
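
The patch, AutoRun and drive-root checks described above can be gathered into one read-only audit. The script below is an added example, not part of James O’Connor’s original note. It assumes PowerShell 3.0 or later is installed, and it assumes AutoRun is controlled by the `NoDriveTypeAutoRun` policy value, which the article itself does not name.

```powershell
# Added example: read-only audit of three checks from the article.
# Nothing here changes the system; it only reports what it finds.
$report = [ordered]@{}

# 1. Is KB958644 (the patch for Conficker's entry point) recorded as installed?
#    A missing entry means: go review the update history by hand, as described above.
$hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
$report['KB958644 listed as installed'] = [bool]$hotfix

# 2. Is AutoRun switched off for every drive type?
#    Assumption: the machine-wide NoDriveTypeAutoRun policy value is used; 0xFF = all drive types.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-ItemProperty -Path $policyKey -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
$value = if ($policy) { $policy.NoDriveTypeAutoRun } else { $null }
$report['AutoRun disabled on all drive types'] = ($value -eq 0xFF)

# 3. Look in the root of every local and mapped drive for AUTORUN.INF
#    or loose program files. -Force includes hidden and system files.
$suspectExt = '^\.(exe|dll|scr|bat|cmd|vbs)$'
$findings = foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $root = $drive.Root
    if (-not (Test-Path -LiteralPath $root)) { continue }   # empty CD or card-reader slot
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            ($_.Name -ieq 'autorun.inf' -or $_.Extension -match $suspectExt)
        } |
        Select-Object FullName, Length, LastWriteTime, Attributes
}
$report['Files to review in drive roots'] = @($findings).Count

# Summary first, then the individual files so each one can be judged by a person.
$report.GetEnumerator() | Format-Table -AutoSize
$findings | Format-Table -AutoSize
```

An AUTORUN.INF on original installation media is normal, so treat the file list as items to review rather than as proof of infection.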


