Thursday, April 16, 2009

What is the Conficker Virus?

The Conficker virus (aka Downup virus, Downandup virus, Conflicker virus, and Kido virus) is a worm. A worm is a type of virus that spreads itself through networks. Basically, someone starts it up and it begins looking around any network it is connected to - including the Internet - to find computers that are vulnerable to infection.
What computers are vulnerable to the Conficker virus?
Any computer that is or has been connected to a network (including the Internet) and is running one of the following versions of Windows:
1. Windows 2000 (very vulnerable)
2. Windows XP (very vulnerable)
3. Windows Server 2003 (very vulnerable)
4. Windows Vista (less vulnerable)
5. Windows Server 2008 (less vulnerable)
Microsoft put out a patch to fix the vulnerability: Microsoft Security Bulletin MS08-067 - Critical. Computers that have had the patch applied, provided that the Conficker virus was not already on them, are not vulnerable to attack via a network.
What is the "vulnerability"? How can the Conficker virus gain access to a computer over a network?
All computers that are able to share information over a network have programs running as part of the operating system that "listen" for communications from the network. For instance, if a co-worker on another computer wants to access a folder on your computer, they (through their computer) send a message to your computer asking to access the folder. The appropriate operating system component on your computer handles the request and gives or denies access to the folder based on whether you shared it and gave the requestor permission to see it. The important thing to understand is that a program on the requesting computer makes contact with a program on the listening computer and gets the listening program to do something for it.
If the listening program mentioned above has a bug in it that can enable the requesting program to make it do unsavory things - like give the requesting program access to install itself on the receiving computer - then that would be a "vulnerability". In the case of the Conficker virus that is basically what was discovered - the program that lets you share folders and printers and other things on a Windows computer, called the Windows Server service, had a bug in it that would allow another program to get it to do things that would then allow a program to be installed over the network without anyone knowing about it.
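The idea of a listening program with a bug can be shown with a toy example. This is an added illustration, not code from Windows or from Microsoft's patch, and it is a simplified stand-in rather than the actual Windows Server service bug; the share, users, file paths and function names are all made up for the example.

```python
import posixpath

# Constructed sample data: one shared folder, who may use it, and two files.
SHARES = {"reports": {"root": "/srv/shares/reports", "allowed": {"alice"}}}
FILES = {
    "/srv/shares/reports/q1.txt": "Q1 numbers",
    "/srv/private/notes.txt": "not shared",
}

def _resolve(root, name):
    # Turn the requested name into a full path, collapsing any ".." parts.
    return posixpath.normpath(posixpath.join(root, name))

def handle_request_buggy(user, share, name):
    """Listener with a bug: checks who is asking, but not what they ask for."""
    entry = SHARES.get(share)
    if entry is None or user not in entry["allowed"]:
        return "DENIED"
    return FILES.get(_resolve(entry["root"], name), "NOT FOUND")

def handle_request_fixed(user, share, name):
    """Patched listener: also refuses anything outside the shared folder."""
    entry = SHARES.get(share)
    if entry is None or user not in entry["allowed"]:
        return "DENIED"
    full = _resolve(entry["root"], name)
    if not full.startswith(entry["root"] + "/"):
        return "DENIED"
    return FILES.get(full, "NOT FOUND")

if __name__ == "__main__":
    for handler in (handle_request_buggy, handle_request_fixed):
        print(handler.__name__)
        print("  normal request:", handler("alice", "reports", "q1.txt"))
        print("  no permission: ", handler("bob", "reports", "q1.txt"))
        print("  odd request:   ", handler("alice", "reports", "../../private/notes.txt"))
```

Both listeners behave the same for ordinary requests; only the unexpected request shows the difference, which is why a bug like this can sit unnoticed until someone goes looking for it.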
What would protect me from the Conficker virus or similar viruses?
If your network and computer are being protected by a properly configured firewall then you were really never at risk. If you applied the patch Microsoft put out for this vulnerability by running Windows updates then your Windows computer was not vulnerable for long and is no longer vulnerable. If you are running Windows Vista and have the UAC turned on (the thing that asks you "Confirm or Deny" whenever you try to install anything) then you are minimally at risk.
There are many ways to make a system more secure, but basic security practices would have minimized your risk from this virus as well as similar ones:
1. Use a firewall - this will stop almost any worm attack.
2. Stay on top of updating your operating system.
3. Use an up-to-date antivirus program.
The above go a long way toward keeping you productive and safe from viruses.

