Mar 30 2009
The Conficker/Downadup panic
There has been a spate of somewhat overwrought news coverage on the “Conficker” (a.k.a. “Downadup”) virus recently. Here are the basics…
The best, most recent estimate of the number of Conficker-infected computers is around 10 million. This is a big number, but a very small percentage of all the computers in the world. More than half of these systems are in countries with a high percentage of users running pirated versions of Windows who cannot easily obtain security updates. The big issue with Conficker is not its prevalence, but that it represents a huge network of computers — a “botnet” — that can be employed by the bad guys to do unsavory things.
Conficker has been spreading for a few months, but the Conficker-built botnet actually goes live this Wednesday, April 1. That’s when all those infected machines start trying to “phone home” for instructions and updates. This event is what triggered all the news coverage and Viewing With Alarm. In the meantime, an ad hoc, international team of security experts has been working hard — and rather effectively — to block and shut down Conficker’s list of command and control servers. Drama. Skulduggery. International intrigue. Somebody is going to write a great book about this battle some day.
So, what does this mean for those of us just trying to get some work done? Well…
If your antivirus software is up to date and working, you should be OK. In fact, since Conficker also spreads by infecting USB flash drives, your antivirus software is definitely your first and most important line of defense. All reputable security software vendors are well aware of Conficker and have had detection and removal routines in place for quite some time.
Conficker’s primary route of infection exploits a vulnerability patched by Microsoft many months ago. If you’ve been applying Microsoft security updates regularly, your system should not be vulnerable to this technique. If you’ve been ignoring the little yellow shield down there in the System Tray, you should stop doing that.
Bottom line: If you’ve been paying attention to the security basics, Conficker will likely pass you by. Don’t let your guard down, though. Conficker is a very sophisticated piece of malware and the authors will almost certainly release a new strain in short order. If you’ve been careless, see the above “Conficker/Downadup detection and removal” post.