D-day for Conficker virus – here’s how to protect yourself

Be alert, not alarmed – today is the day the Conficker virus is set to gain a new lease of life, potentially unleashing an avalanche of spam or malware.

But so far computer security experts say nothing major has occurred.

Anthony Edwards, technical support manager for Trend Micro Australia, says the company is monitoring the situation closely, but no major changes in the virus have been detected.

“The virus was due to activate a payload in a list of domains, in which it can connect to make further instructions. We are closely monitoring the situation, but we haven’t seen anything new happening,” he says.

“Right now, nothing really new is going on with it.”

Edwards says businesses should be double checking their servers and workstations are patched with Microsoft updates.

“The virus can also try and guess passwords, so having a strong password policy is important to ensure it doesn’t hack your servers, and obviously tighten security with USB keys and such.”

The US Government’s Department of Homeland Security has also released a computer tool that is designed to test whether computers have been infected with the wide-spread Conficker virus.

The release of the detection tool is in response to concerns that the makers of the virus will ramp up their efforts for April Fool’s day.

Director of the US Computer Emergency Readiness Team, Mischel Kwon, has said in a statement that the tool can be used to help individuals and businesses protect their networks.

“While tools have existed for individual users, this is the only free tool – and the most comprehensive one – available for enterprises like federal and state government and private sector networks to determine the extent to which their systems are infected by this worm,” she said.

“Our experts at US-CERT are working around the clock to increase our capabilities to address the cyber risk to our nation’s critical networks and systems, both from this threat and all others.”

The virus was first detected in October 2008 and has since infected an estimated 12 million computers worldwide, including machines in government departments in New Zealand, Britain and the United States.

The virus has become such a large problem that Microsoft has issued a $US250,000 reward for information about who designed the worm.

Symptoms of the virus include slow internet traffic, failure to reach certain websites such as those promoting anti-virus software and the official Microsoft site, and Windows account lockout settings being changed.

The virus itself is a type of malicious software that is left dormant until further instructions are given, and can be hypothetically instructed to steal data or let the virus’s designers control infected machines.

The virus buries itself in a computer, but can form new files and start to “talk” to other infected computers over internet networks.

So far, the worm has been given no instructions from its creators.

But the virus’s reach is now expected to grow even further. Computer analysts have warned that the virus is designed to reach 250 websites per day, but from today it will now connect with 50,000 sites per day.

What you can do to protect yourself and your business

• Download the US-CERT test.
• Download Microsoft security patch MS08-067.
• Use detection tools available from these sites dedicated to eradicating the virus.
• Ensure Windows automatic updates are turned on, as the virus turns them off.
• If a computer is infected, remove it from any connected networks including internet connections.
• Ensure firewall and anti-virus software is installed on all machines on a network.
• Read this SmartCompany blog about how to protect your networks against viruses.

Related stories:

• Could this be history’s biggest ever computer virus?
• Cornficker computer virus to take new turn on April Fool’s day