Tuesday, March 31, 2009

How to Protect Your Computer Against the Conficker Worm

From the House of Commons in the United Kingdom to servers of corporations in the United States to the average user across the globe, the Conficker Worm is attacking anything and everything in it's path, wreaking havoc and killing Internet connections, slowing corporate functions and infiltrating the most sensitive of data. April 1st of 2009 is supposed to be a payload date, which as of this article, is only two days away. So, how can you stay protected?

Instructions

Step1:
If you have a Mac or a Linux machine, breath a sigh of relief; you don't have the right code to be infected. If you're running Windows as your platform of choice, listen up, because this is critical; time is of the essence. You may experience any number of symptoms which are common like loss of Internet connection and loss of local network connection and which are less common like Automatic updates and Microsoft services being disabled.

Step2
Update your anti-virus software. Disconnect your computer from the Internet and scan your system, if you believe you are already infected. To stop the spread of the worm, see step 3. If possible, back up your data ASAP.
Step3
Disable Auto-play in Windows. For Vista: Start > Control Panel > click Play CD's or other media automatically > uncheck Use Autoplay for all media and devices. > click OK. For XP: Start > Run Enter GPEDIT.MSC >
The Group Policy dialogue box will appear. On left panel, double-click Computer Configuration > Administrative Templates > System > Double-click the Turn autoplay off option. The reason behind disabling autoplay is that Conficker can be spread through USB flash drives infected with code that starts on auto-play when the infected drive is inserted into the computer. Disabling auto-play is a good way to ensure against any malicious code automatically gaining access to your computer.
Step4
If you have the Conficker worm, DO NOT DO A SYSTEM RESTORE. Like most malware, Conficker hangs in the restore points and reactivates when you do a system restore. Utilize a decent anti-virus solution such as AVG, Avast!, or Malwarebyte's Anti-Malware. Again, disconnecting your computer from the Internet is critical to prevent the spread of the worm or the continued use of your computer by the worm for devious purposes. Windows Malicious Software Removal Tool can be used to detect and remove the Conficker worm as an option as well.
Step5
Regardless if you are on a network or a standalone computer, download the Microsoft update patch KB958644 (MS08-067) This will fix a security vulnerability that is exploited by the Conficker worm. For more information on how to exactly deploy this update across a network as well as additional information on Conficker, please visit the link in the Resources section.

No comments: