Conficker worm: tools to recognize and remove the virus on a Windows PC

Over the past few months, the computer worm Conficker has infected between 9 and 15 million PCs worldwide.
The worm is nothing more than a virus, a piece of malicious code, which loads itself on the computer and leaves it vulnerable to external attacks without the user noticing anything.
Conficker (or Downadup) has spread in different variants, marked with letters of the alphabet: A, B and C, the last being the most evolved and most harmful variant.
Conficker uses a Windows vulnerability that was discovered in September 2008 and for which Microsoft had released a patch as a critical update.
The first worm that used the vulnerability to open a port on the computer was discovered in November 2008.
In reality, the effects of this virus are not visible at all, and you can continue to use your PC without realizing anything.
Infected machines can be controlled from the outside by attackers, who can exploit them for illegal activities.
Conficker, in its variant C, starts a series of processes on infected systems, including opening a random port which is used in the worm propagation process.
The worm then opens a security hole on the computer, allowing any attacker to get into the system and use it however he wants.
It does not end there: the virus keeps a "backdoor" open so that it can host new variants, and it blocks access to some websites to prevent users from reaching pages that contain information and instructions on removing the worm.
The real danger, proven by the experts who studied the code, is that Conficker is scheduled to connect to the internet on April 1st, 2009 (tomorrow) to await instructions from its creators.
In practice, about ten million computers could wake up together tomorrow, ready to perform illegal functions.
Today's hackers are much smarter than they were in the past, when they only aimed to amaze the world for a moment of glory.
Today hackers do this job to earn money; therefore, the most likely use of Conficker is to give its creators a fleet of many "zombie" PCs to rent to the highest bidder for sending spam and stealing sensitive data.
If an unsuspecting user keeps surfing the internet on an infected computer, defenseless and without bothering to protect it, Conficker will automatically attempt to download updates to become increasingly unassailable and violent and, at the same time, will prevent the PC from downloading security updates, both from the Microsoft site and from antivirus sites.
The worm is therefore not expected to damage the system; the real danger is the sophisticated auto-update mechanism implemented in variant C.
Basically, the worm generates a huge list of domain names, around 50,000, and every 24 hours it will try to connect to 500 of them to look for new instructions and update itself.
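The easiest way to detect whether your Windows computer is infected with Conficker is to open a site such as Microsoft.com or Symantec.com in a browser, then open, again in the browser, their respective IP addresses 207.46.197.32 and 206.204.52.31, and check whether there are differences. Because the worm blocks access to these sites by name, a site that fails to load by name but loads by IP address is a sign of infection.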
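The name-versus-IP comparison described above, as an added Python example (not part of the original article). The control name `example.com` and the function names are assumptions; the IP addresses are the ones the article lists and may no longer belong to these sites.

```python
import socket

# Name/IP pairs exactly as listed in the article (2009 values; they may be
# stale today, so refresh them from a known-clean machine before relying on them).
SECURITY_SITES = {"microsoft.com": "207.46.197.32", "symantec.com": "206.204.52.31"}
CONTROL_NAME = "example.com"  # assumption: any unrelated site, used as a baseline

def can_resolve(name):
    """True if the local resolver returns at least one address for name."""
    try:
        return bool(socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP))
    except socket.gaierror:
        return False

def can_connect(ip, port=80, timeout=5.0):
    """True if a TCP connection to ip:port succeeds (no name lookup involved)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def assess(sites=SECURITY_SITES, control=CONTROL_NAME,
           resolve=can_resolve, connect=can_connect):
    """Compare access by name with access by IP for each security site."""
    if not resolve(control):
        # Nothing resolves: a general DNS or network outage, not selective blocking.
        return {"verdict": "inconclusive", "names": [], "reason": "control name failed"}
    blocked, unknown = [], []
    for name, ip in sites.items():
        if resolve(name):
            continue  # name works, so there is no difference for this site
        # The name fails while an unrelated name works: selective blocking.
        # A reachable IP confirms that the network path itself is fine.
        (blocked if connect(ip) else unknown).append(name)
    if blocked:
        return {"verdict": "suspect", "names": blocked, "reason": "name fails, IP works"}
    if unknown:
        return {"verdict": "inconclusive", "names": unknown,
                "reason": "name fails, IP unreachable"}
    return {"verdict": "no-difference", "names": [], "reason": "all names resolve"}

if __name__ == "__main__":
    print(assess())
```

A `suspect` verdict is a reason to run one of the removal tools, not a diagnosis on its own: a filtering proxy or DNS policy can produce the same pattern.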
To check the system and make sure you don't have the computer virus, you can use tools that have been specifically designed to detect and remove all Conficker variants.
ESET Conficker Removal Tool or F-Secure can be used.
The best site to find information on the Conficker virus and its evolution is Sans.org, which has lots of tips to locate and eliminate it.
I sincerely recommend checking to find out if your computer is infected, even if the PC is functioning well and does not present any apparent problem.
