Network Security
Conficker Becomes Hype
Priority: Informational
Published Date: March 31, 2009
Last updated: April 01, 2009 2:43 PM by Nathaniel Hall

The Information Technology department has received several questions regarding the Conficker worm, which has been spreading throughout computer systems for the past several months. This worm, also known as Downadup, Kido, and Confi, exploits vulnerabilities in several Microsoft Windows operating systems.

UPDATE: The Missouri Research and Education Network (MOREnet) has released a web-based tool to help determine whether a computer is infected. Please visit http://conficker.more.net and read the instructions on how to test your system.

Summary:
The Conficker worm has been spreading amongst Microsoft Windows computers via a vulnerability that was fixed in October 2008. Several news agencies have reported that there is a trigger date that will cause the Conficker worm to begin attacking other computers. This is not the case. The April 1st, 2009, date is used to prevent institutions from blocking the worm's update method.

More Information:
The Conficker worm has been infecting computers since November 2008 despite a patch being released in late October. Up to this point the worm has not performed any unusual actions. As with a lot of worms, Conficker is programmed to connect to websites that are under the control of the attacker in order to download updates to the worm. It does not appear that the attacker has used the network of Conficker-infected computers to do any harm, but research institutions are not completely certain.

Many news outlets have started reporting on the Conficker worm, and that has led to some misunderstandings amongst computer users. The primary misunderstanding is around the April 1st, 2009, trigger date. This date does not represent a predetermined date of attack, but rather a change in the way the worm updates itself. Previous versions would attempt to update themselves by checking 250 different websites each day. On April 1st, the newest versions will start checking 50,000 different websites per day. The Conficker worm is not expected to change its behavior except to make it more difficult to stop its update method.

In order to prevent infection by the Conficker worm, ensure you have applied all updates for Microsoft Windows. Microsoft Security Bulletin MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx) contains links to patches for the affected operating systems. It is also important to keep anti-virus and anti-malware software updated. Please note that infected computers might not be able to update Microsoft Windows or their anti-virus software due to restrictions placed by the Conficker worm.

OTC computers that are believed to be infected with the Conficker worm should be reported to the OTC Help Desk by calling 447-7548 or by e-mailing helpdesk@otc.edu.

Resources:
"Information about Worm:Win32/Conficker.D" - Microsoft
"Conficker April Fools Hype" - SecureWorks
"Please, the world is NOT ending on April 1" - Sunbelt Software
"Watch out for the Honda Accords" - ESET
"An Analysis of Conficker's Logic and Rendezvous Points" - SRI International
Microsoft Security Bulletin MS08-067

