The Conficker Worm – my review


There have been many articles, reviews, information pieces and postings about the Conf*ker, as many people have started calling it. Depending on who you talk with, you can replace the * with anything that suits your feelings towards it. The most interesting thing about this threat is that it is neither a new one nor a new attack form; it’s the same old attackers doing the nefarious things they do, but with a bit more sophistication. For me as an IT guy looking at all this, I’m getting the wow factor from some of the new developments and traits of the threat. So my take today will not be to overwhelm you with techno jargon and a high-level breakdown of the threat, but just to speak on it in the most basic form so that even those who are non-technical can grasp the severity of it.

So here goes.

If you get infected with the Conficker worm, you’re screwed. Bottom line.

If this is a system on a business network, it must be removed, quarantined and disinfected by any means necessary. Take no chances with this threat.

Get my drift?

Is this basic enough to understand?

Ok, let’s take it from another angle.

This worm is a blended threat (virus, worm, rootkit, botnet, adware, malware and the what-else factor) with blended characteristics. It’s like catching a cold and getting a headache, earache, stomach ache, backache and chest pains all in one. It starts with a simple cold but quickly spreads to other critical areas of the body, causing serious effects and harm. This threat is in a class by itself, as it deploys various additional agents around the system, which makes it unclear whether a removal has been completely successful.

If you have been infected with the worm, your only real option is to completely wipe the system. Unplug, power down, power drain: complete power loss to all storage components of the system. This is a very serious threat.

As for those who have been asking which anti-virus solution is best to protect against this, there isn’t one. Anti-virus alone is not going to protect you from this threat and its blended effects. It will take a number of things to make this happen, and here’s my list.

1. The system must be fully patched from all angles: the operating system, the applications, services, devices and drivers. When patching the Microsoft Windows operating system, many people have auto update enabled but with different settings. Some have it set to “alert me of new updates” but never apply the new updates. Some have it set to “download and wait for my approval” and never approve the installation of the updates. Some have it set to download and install all updates. This is a good option to have. When patching the OS, one must be prudent so as to apply not only critical patches but all software, severe and high updates as well. So I recommend that if you’re using the built-in auto update, please use “download and apply all”. If doing it manually, do a custom update, which will reveal all the patches and updates needed.

2. Anti-virus alone will not protect you from this worm, nor from most of the new threats in the IT security threat landscape today and tomorrow. An anti-malware solution is critical to combine the protective layers of web/content filtering, IDS/IPS, anomaly/heuristics-based detection, and network and proactive threat protections. This is a backup to the patching already performed on the system. A fully patched system can still be compromised if targeted malicious code is allowed to reach it.

3. Common sense is the name of the game and the winner of all security practices. Adding to the patching of the system and the needed security solution comes the best practice of all: the user’s common sense in using the system effectively. As the person using the system, one needs to pay very close attention to detail in their messaging, web browsing and IM practices. Opening emails from known and unknown sources requires due diligence in thinking about the nature of the message, its contents and what relevance it has to you. A message from a known source may not have been sent by them but could be the result of an infection on their system(s). This is the same for email and IMs. There are many IM worms that will hijack your IM client and send out messages to everyone in your contact list, pointing them to a website where they get a drive-by download. Many people think very little of web-based attacks, yet they are the fastest growing today because of the ease of infection and of delivering the payload.

4. User education and awareness. This is a very critical issue, as many seem to think that these issues are a corporate or industry problem. When a threat like Conficker goes into the wild, it is not targeting specific systems in specific industries only; it is doing a general attack across all systems within its path. IT security is a people problem, and we are all in its path whether we like it or not, no matter what OS vendor platform you’re running.

5. Enable your built-in firewall, or get a third-party one, to put up some form of perimeter defense.

6. There are security suite solutions that bundle multiple security technologies and features in one suite. That may be a more viable option for you because of the integration and management options.
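Items 1 and 5 above are the two that can be checked mechanically on a Windows machine. The script below is an added example, not code from the original post or its author: it reads the Automatic Updates mode (Group Policy value first, then the locally chosen one) and the Windows Firewall state for each profile from the registry, and flags anything that falls short of “download and install everything” plus “firewall on”. It assumes the classic XP/Vista/7-era registry layout and an elevated PowerShell session; the key paths and value meanings are standard Windows ones, the reporting logic is my own.

```powershell
# Added audit script (not part of the original post). Assumes Windows XP through Windows 7
# registry layout and an elevated PowerShell prompt; adjust paths for newer releases.

function Get-AutoUpdateMode {
    # A Group Policy value in the Policies hive overrides the locally chosen setting,
    # so it is checked first. AUOptions: 1 = disabled, 2 = notify before download,
    # 3 = download then notify before install, 4 = download and install on a schedule.
    $paths = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    )
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name AUOptions -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = [int]$item.AUOptions
            $label = switch ($value) {
                1 { 'Disabled' }
                2 { 'Notify before download' }
                3 { 'Download, then notify before install' }
                4 { 'Download and install automatically' }
                default { "Unknown value $value" }
            }
            return [pscustomobject]@{ Source = $path; Value = $value; Mode = $label }
        }
    }
    return [pscustomobject]@{ Source = 'none'; Value = 0; Mode = 'Not configured' }
}

function Get-FirewallProfileState {
    # EnableFirewall is 1 when that profile's firewall is on.
    # PublicProfile only exists on Vista and later, so it is skipped when absent.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $item = Get-ItemProperty -Path "$base\$profile" -Name EnableFirewall -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            [pscustomobject]@{ Profile = $profile; Enabled = ([int]$item.EnableFirewall -eq 1) }
        }
    }
}

# Report the current state and collect findings against the recommendations above.
$findings = @()

$au = Get-AutoUpdateMode
"Automatic Updates: $($au.Mode) (from $($au.Source))"
if ($au.Value -ne 4) {
    $findings += 'Automatic Updates is not set to download and install; patches can sit pending indefinitely.'
}

$profiles = @(Get-FirewallProfileState)
if ($profiles.Count -eq 0) {
    $findings += 'No Windows Firewall profile found in the registry; verify that a firewall is present.'
}
foreach ($p in $profiles) {
    "Firewall ($($p.Profile)): " + $(if ($p.Enabled) { 'enabled' } else { 'DISABLED' })
    if (-not $p.Enabled) { $findings += "Windows Firewall is off for the $($p.Profile) profile." }
}

# The installed hotfix count is a quick sanity check that patching is happening at all.
$hotfixes = @(Get-HotFix -ErrorAction SilentlyContinue)
"Installed hotfixes: $($hotfixes.Count)"

if ($findings.Count -eq 0) {
    'No findings: update mode and firewall match the recommendations.'
} else {
    'Findings:'
    $findings | ForEach-Object { " - $_" }
}
```

Run it from an elevated prompt; a machine on a domain may show the policy path as the source of the update setting, which means the local UI choice is being ignored and the finding has to be fixed in Group Policy rather than on the box.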

The fact of the matter is, we now have these issues at the level they should have been at years ago: in the media and across all industries, treated as a people problem, not an industry one. I take the same approach to Conficker as I do to the rogue Anti-Virus 2008/9 threat: if detected, wipe, clean, rebuild, reimage.

This isn’t something to play around with, guessing what has been cleaned or whether it has been cleaned at all. The only way to be sure is to wipe it all out.

Thank you and have a great day,

~Brett A. Scudder~

The IT Security Attaché

  1. Kevin Thomas
    March 29th, 2009 at 19:35 | #1

    This is a very scary wake-up call, especially to systems that are running with a below-average AV or those not running any at all. Conficker is a high-tech virus able to jump over AV, so an extra firewall and malware protection are a definite necessity.

    This informs us of how much we need to be educated about the risks that are on the net as well as how to combat them.
    Overall I’m thankful for the early info on this new worm/attack.

    Keep up the good work.

    PS. I know you’re not being paid for advertising but any suggestions on AV’s, Anti Malware, and Firewall etc.

    Kevin Thomas.

  2. March 30th, 2009 at 09:36 | #2

    It’s 2009, and we still don’t really get Information Security, sadly enough. I hope that April 2009 does not catch us completely off guard.

  3. March 30th, 2009 at 10:17 | #3
  4. Rob Smith
    March 31st, 2009 at 18:17 | #4

    Pretty scary really. As malware authors keep getting more sophisticated, a large percentage of the computing public remains mostly clueless. They expect that they can go buy their Symantec or McAfee, install it, and then just surf wherever they want or open any email they want, expecting that their purchase will protect them.

    Job One is getting the public to understand the seriousness of the threat.

    Thanks for a great article.

  5. April 1st, 2009 at 14:37 | #5

    Greetings and thank you for your feedback and comments on this issue.

    Mr. Thomas,

    Yes sir, education and awareness is a key element to winning this fight and I try to do that as much as I can, educate and make aware.

    Mr. Baker,

    We can hope that this will be a better wake-up call for most people, as they still live in the shadows thinking they are safe from all this. IT Security is a people problem and as such must be dealt with that way.

    Thank you for sharing the link to that news article.

    Mr. Smith,

    Indeed they are getting more sophisticated in their methods of attack, which is why people need to think outside the box and start realizing that they are a part of a bigger picture, the internet.

    I can’t begin to tell you how many infected systems I’ve worked on that had anti-virus that was not updated, patched, current nor even active; the user just saw the icon and thought all was well.

    The most challenging part of what I do is to tell someone who has never had a “known” infection that this is something they should take seriously and be very concerned about. It becomes that old saying “if it isn’t broken why fix it” issue.

    We need this to be an international initiative where laws and policies govern these issues and help to make them more known and understood.

    So many people were concerned about what if it is a fake that they still didn’t take the time to patch and update their systems yet they had time to be making ridicule of it. I find that to be more scary than the threat itself.

    What can I say?
    We have our work cut out for us.

    Thank you and have a great day,

    ~Brett A. Scudder~
