Millions of Windows PCs have been infected by a new computer worm dubbed 'Conficker'. Here's how you can protect your PC.
'Conficker' is a malicious worm that uses computer or network resources to make complete copies of itself and may include code that damages both a computer and network.
Once executed, Conficker disables a number of system services, including Windows Automatic Update, Windows Security Center, Windows Defender, and Windows Error Reporting. Conficker then connects to a malicious server, where it downloads additional malware to install on the infected computer.
Conficker can spread in three ways.
First, it attacks a vulnerability in the Microsoft Server service. Computers without Microsoft's October emergency security release can be remotely attacked and taken over.
Second, Conficker can attempt to guess or 'brute force' Administrator passwords used by local networks and spread through network shares.
And third, the worm infects removable devices and network shares with an autorun file that executes as soon as a USB drive or other infected device is connected to a victim PC.
Four ways to protect your PC against Conficker
- Scan all files: Since Conficker uses random extension names to avoid detection, Windows users should make sure their security software is set to scan all files, rather than checking only specific extensions.
- Update Windows: The alarmingly high number of Conficker infections led Microsoft last Tuesday to enable its anti-malware utility, Microsoft Software Removal Tool (MSRT), to detect the worm. So it's important that Windows users, if they haven't already, download the latest Microsoft security patch that went out earlier this week.
- Use a blocklist: This is less relevant for home users, but network administrators can also use a Conficker blocklist provided by F-Secure to try to stop the worm's attempts to connect to websites.
- Disable Autorun: You can disable Autorun so that a PC won't suffer automatic attack from an infected USB drive or other removable media when it's connected. The Internet Storm Center links to one method for doing so, but the instructions involve changing the Windows Registry and should only be attempted by administrators or tech experts.
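For administrators who want to check whether Autorun is already restricted, the following added example (not from the article and not the method the Internet Storm Center links to) decodes the standard Windows `NoDriveTypeAutoRun` policy value and reports which drive types can still trigger Autorun. Treating an unset policy as exposed is an assumption of this sketch, and the sample values are constructed.

```python
import sys

POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"
# In this bitmask a SET bit DISABLES Autorun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable (USB)",
    0x08: "fixed disk",
    0x10: "network share",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved/future types",
}
# The two autorun spread paths the article names: removable devices and network shares.
CONFICKER_VECTORS = 0x04 | 0x10

def audit(raw):
    """Decode a NoDriveTypeAutoRun value: int, REG_BINARY bytes, or None if unset."""
    if raw is None:
        # Assumption: with no policy set the OS default applies, so report as exposed.
        return {"policy_set": False, "enabled": None, "exposed": True}
    value = int.from_bytes(raw, "little") if isinstance(raw, bytes) else int(raw)
    value &= 0xFF  # only the low byte carries drive-type flags
    enabled = [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]
    exposed = (value & CONFICKER_VECTORS) != CONFICKER_VECTORS
    return {"policy_set": True, "enabled": enabled, "exposed": exposed}

def read_policy():
    """Read the value on Windows; the HKLM entry takes precedence over HKCU."""
    import winreg
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                return winreg.QueryValueEx(key, VALUE_NAME)[0]
        except FileNotFoundError:
            continue
    return None

if __name__ == "__main__":
    # Constructed sample values, used when not running on Windows.
    samples = {"constructed 0x91": 0x91, "constructed 0xFF": 0xFF}
    if sys.platform == "win32":
        samples = {"this machine": read_policy()}
    for label, raw in samples.items():
        print(label, audit(raw))
```

A result with `exposed` set to `True` means Autorun is still allowed for removable drives, network shares, or both.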