Conficker

Conficker is one of the most widespread computer worms in the world today. Understanding how Conficker works, and what measures exist against it, makes protecting your computer easier.

Conficker has become the most widespread computer worm affecting systems running Windows. Because it is so prevalent, you should be aware of the damage it can cause and know how to remove it if your system is infected by one of its variants.

Types

One of the reasons this worm is so difficult to detect is how quickly it mutates and how many different techniques it uses. It infiltrates systems in several different ways, which makes eliminating it doubly hard. Five variants are currently known.

Variant A spreads over NetBIOS. Variant B also spreads over NetBIOS and additionally targets CDs and other removable storage devices, creating a DLL file that attaches itself to the removable drive. Variant C is similar to B and also updates itself by connecting to several URLs; the same is true of variants D and E.

The worm can also launch itself at boot, because it stores a copy of itself in the system folder and embeds itself in Registry keys.

Effects on Computers

The exact aim of the worm is not yet clear, but its symptoms alone cause harm on networked systems. One of the most common effects is that certain Windows functions are shut down.

These include Windows Error Reporting and BITS (Background Intelligent Transfer Service). Other symptoms are a general slowdown of client/server processes. The worm also shuts down user accounts and makes antivirus sites unreachable.

Account-usage rules and privileges across the network are also affected and get reset, and Windows operating system updates can no longer be obtained. The end result is that users and administrators get locked out.
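A host-triage script for the symptoms listed above, added here as an example and not part of the original article. It assumes the Windows service names WerSvc, BITS and wuauserv and an update-site list of update.microsoft.com and download.windowsupdate.com; a finding means the host should get a full scan, not that it is infected.

```powershell
# Added example (not from the original article): checks a Windows host for the
# Conficker symptoms the article lists. Run from an elevated PowerShell prompt.
function Test-ConfickerSymptoms {
    $findings = New-Object System.Collections.Generic.List[string]

    # Services the article says get shut down. Service names are assumed:
    # WerSvc = Windows Error Reporting, BITS, wuauserv = Windows Update.
    foreach ($name in 'WerSvc', 'BITS', 'wuauserv') {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
        if (-not $svc) { $findings.Add("service $name is missing"); continue }
        if ($svc.StartMode -eq 'Disabled') {
            $findings.Add("service $name has been disabled")
        }
    }

    # Locked-out local accounts (the article: accounts shut down, users locked out).
    Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.Lockout } |
        ForEach-Object { $findings.Add("local account $($_.Name) is locked out") }

    # Account-lockout events (Security event ID 4740) in the last 24 hours.
    # Get-WinEvent errors when nothing matches, so that case is silenced.
    $lockouts = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740;
        StartTime = (Get-Date).AddDays(-1) } -ErrorAction SilentlyContinue
    if ($lockouts) { $findings.Add("$($lockouts.Count) account lockout events in last 24h") }

    # Name resolution for update sites (the article: updates and antivirus
    # sites become unreachable). Host list is assumed; add your AV vendor's host.
    foreach ($hostname in 'update.microsoft.com', 'download.windowsupdate.com') {
        try { $null = Resolve-DnsName -Name $hostname -ErrorAction Stop }
        catch { $findings.Add("cannot resolve $hostname") }
    }

    return $findings
}

$result = Test-ConfickerSymptoms
if ($result.Count -eq 0) { 'No Conficker symptoms found.' }
else { $result | ForEach-Object { "SUSPECT: $_" } }
```

A host with no network at all will also fail the DNS check, so read the findings together rather than one at a time.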

According to reports, the worm infected several computers in the UK's Defense Ministry and over one hundred computers in the German military. Other countries around the world were also affected.

Propagation

The variants spread in different ways. Variant A connects via HTTP to any of several hundred domain names to fetch updates. Variant B has its own generator for producing domain names. Variant C uses a named pipe to pass URLs to, and infect, other computers over a LAN. Variants D and E use a peer-to-peer network and are also known to use TCP. Their structure is still being analyzed.

Removal and Prevention

All the major antivirus companies have released updates to eliminate this worm, and Microsoft releases updates to protect the operating system. For this reason it is important to keep both your antivirus software and your operating system updated: get service packs and patches as soon as possible. Be careful about downloading files from the Net, and always scan them.

If you are an administrator, performing checks and system upgrades is a must. If your antivirus program is subscription based, do not allow it to expire.

Conficker can cripple a network, but you can arm yourself by backing up all your important files and running a virus scanner. This will save you a lot of potential trouble.
