«
»

Conficker

If you haven’t heard about the growing population of Windows machines hosting this prolific worm, educate yourself, particularly if you run Windows networks. This worm has been spreading like the plague since at least November 2008, and is presently estimated as having infected about 10 million machines. That’s a big botnet. It’s an active one too, regularly “dialing home” to now over 50,000 domains to receive updates. Its variants spread through various mediums, and favor network shares and USB drives.

If you can stand the gripes from your users, disabling Autorun through a forced registry setting (scripts, custom built ADM) is not a bad idea in general, so what if they have to open the folder and double-click the executable that’s likely in the top-level directory anyways?. Read the Cert/CC blog for more about this work around. Of key importance is that for whatever reason, the setting in HKCU overrides the HKLM setting. It may go without saying, but your best bet is cover both fronts.

If your network is infected presently, the following site hosted by BitDefender has a good list of symptoms to look for. In addition, the company has recently published both a single-workstation tool and a network tool to remove the worm from your computers. You can find these resources at http://downadup.org/.

Tags: , , , , ,

This entry was posted on Monday, March 23rd, 2009 at 18:10 by jim and is filed under Internet, Security, Virii, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>