Every few years it seems like a massively virulent worm makes its way around the internet, and certainly this year is no exception. The worm that everyone has been talking about the last few weeks is the Conficker Worm (Conficker.C to be precise, as this is the third variant of this worm). This little piece of code does a lot to hide itself and takes advantage of a flaw in unpatched Windows systems. It has the potential to be very nasty and can quickly spread around a network (and beyond) if left unchecked.
Over 15 million PCs have reportedly been infected, and all of these suspected infections are supposed to kick in and “phone home’” on April 1st. What happens when all these machines start phoning home? No one knows for sure since it hasn’t happened yet, but the general consensus is that one goal may be to create a giant distributed computing environment that can be used for many different purposes; from spamming to snooping, collecting data, logins and passwords, sensitive information and so forth. Another potential use would be a large-scale Distributed Denial of Service attack (DDOS attack).
Most of the Anti-Virus companies out there have been talking about conficker for weeks or more, and offer ways to keep your systems updated. Make sure whatever anti-virus package you use, you keep updated. Also install all the latest patches and/or service packs for your operating system (Mac users don’t have to worry about conficker unless you’re running Windows in a virtual machine or dual booting (i.e. bootcamp)).
Another great weapon against worms like conficker is the free DNS service called OpenDNS (www.opendns.com). We’ve talked about OpenDNS before and how it can keep your browsing safer and more secure. They’re an excellent service that enables you to fine tune your DNS and control what your users (or children) can and can’t get to.
OpenDNS has been actively updating their blocklist to include all the domains conficker may try to contact. Worms like conficker, once activated, contact sites on the internet to get further instructions on what do to, where to go, etc. Conficker.C supposedly generates some 50,000 domain names a day so trying to keep up with your own blocklist by hand would be a daunting, if not impossible task.
That’s one of the beautiful things about OpenDNS, is that they keep those blocklists updated for you. By blocking access to those domains at the DNS level, you can effectively shut out any possibility (or most possibilities) of the worm actually being able to do anything.
So to protect yourself, some things to consider:
- Update your anti-virus programs as soon as possible
- Ensure real-time scanning is enabled on your Anti-Virus programs
- Install all hotfixes, patches and updates
- Turn on firewalls if appropriate (at the router or perimeter as well as individual machines – Again, do so where appropriate and make sure doing so doesn’t break any critical applications or connectivity)
- Utilize a service like OpenDNS that blocks the vast majority of threats like the Conficker worm at the DNS level
Following these steps can go a long way to preventing the spread of worms, viruses and other general nuisances.
If you have a method or tool you use to keep your networks safe, please feel free to share!