Conficker worm has activated!

 

The latest Conficker worm, which exploits Windows-based operating systems, has activated. A worm is a self-replicating computer program that takes advantage of vulnerabilities, or weaknesses, in computers. Once a worm has infected a computer, it generally has full access and can steal information from the computer or take control of it. Once Conficker infects a computer, it is programmed to gather financial information (such as social security numbers) and send it to a central location.

Who is most at risk?

According to Microsoft, the following computers/devices are most vulnerable to Conficker:

  • Shared computers with weak passwords
  • Computers with open shares
  • Computers without the latest security updates
  • Removable devices such as external hard drives and USB sticks
  • Computers that are unpatched and not running antivirus software

Protect your computer:

The most important thing you can do to protect your computer is to have an up-to-date anti-virus program running. Students can download McAfee anti-virus for free, and staff and faculty pay a low fee through the Software Licensing website: McAfee Virus Scan Enterprise.

Additionally, make sure that all Microsoft patches and updates are applied on your machine – especially MS08-067. 

What to do if your computer is infected:

End Users

If your anti-virus program indicates that you have been infected with the Conficker virus, notify your local IT Manager or contact the Campus Help Desk at 801-581-4000 or the ITS Help Desk at 801-587-6000.

IT Managers

  • Conficker blocks infected machines from running removal tools with "Conficker" in the name, so IT managers might have to change the name of the removal file before running it.
  • Once the worm is inside a machine, it applies its own version of the Microsoft patch that fixes the vulnerability Conficker exploited in the first place. As a result, a standard network scan that looks for unpatched machines might not flag infected computers, even though some computers on the network are infected.
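
One way to work around the scan blind spot described above is to compare the network scan against the installed-update inventory from your patch-management system. The script below is an added example, not a tool from ISO or Microsoft. It assumes two CSV exports whose column names, hostnames and the update ID KB0000001 are constructed for illustration, that KB958644 is the update that delivers MS08-067, and that the worm's own patch does not show up as an installed update.

```python
import csv
import io

MS08_067_KB = "KB958644"  # Microsoft update that delivers the MS08-067 fix

# Constructed sample exports; hostnames, columns and KB0000001 are illustrative.
NETWORK_SCAN_CSV = """host,ms08_067_vulnerable
lab-pc-01,no
lab-pc-02,yes
lab-pc-03,no
lab-pc-04,no
"""

HOTFIX_INVENTORY_CSV = """host,installed_updates
lab-pc-01,KB958644;KB0000001
lab-pc-02,KB0000001
lab-pc-03,KB0000001
"""

def load_scan(text):
    """Map host -> True if the network scan reported it vulnerable."""
    return {r["host"]: r["ms08_067_vulnerable"].strip().lower() == "yes"
            for r in csv.DictReader(io.StringIO(text))}

def load_inventory(text):
    """Map host -> set of installed update IDs."""
    return {r["host"]: {u.strip().upper()
                        for u in r["installed_updates"].split(";") if u.strip()}
            for r in csv.DictReader(io.StringIO(text))}

def triage(scan, inventory):
    """Classify each scanned host by comparing the two data sources."""
    result = {}
    for host, vulnerable in sorted(scan.items()):
        updates = inventory.get(host)
        if updates is None:
            result[host] = "no-inventory"  # cannot confirm either way
        elif vulnerable:
            result[host] = "unpatched"     # exposed, needs the update
        elif MS08_067_KB in updates:
            result[host] = "patched"       # scan and inventory agree
        else:
            result[host] = "inspect"       # scan says patched, update absent
    return result

if __name__ == "__main__":
    statuses = triage(load_scan(NETWORK_SCAN_CSV),
                      load_inventory(HOTFIX_INVENTORY_CSV))
    for host, status in statuses.items():
        print(f"{host}: {status}")
```

Hosts marked "inspect" look patched to the scanner but have no record of the update, so they are the ones to check first with a removal tool.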

Additional/Technical Information: IT Managers must notify ISO if a machine is infected so that any outbreaks can be trended. ISO can also offer assistance with removal of the worm.

SC Magazine:

"When it activates, version C will prevent certain security products and services from running and will block infected computers from connecting with certain security websites. The list of security processes that the component attacks include some popular tools, including Wireshark, procmon, TCPView, and RegMon. In addition, the worm's authors moved from a 250-a-day domain-generation algorithm to a new one that generates 50,000 domain names." http://www.scmagazineus.com/No-joke--Conficker-worm-set-to-explode-on-April-Fools-Day/article/128808/

For More:

Check to see if you are infected by using the Conficker eye chart. Note: Access to this page is restricted to machines in the utah.edu domain and some uen.org machines.

Conficker Computer Virus Outbreak Underway

Conficker/Downadup Computer Worm Detection Tool

SC Magazine

Snopes

Norton

McAfee

Microsoft: Protect yourself from the Conficker computer worm