Some people are getting hysterical about Conficker’s deadly payload on April 1. 60 Minutes’
infomercial for Symantec special didn’t help, either.
Randy Abrams at ESET does a nice job of explaining the situation:
Yeah, Conficker is a serious problem, but not for home and corporate users who employ best practices already. The real problem is for the security professionals trying to prevent the worm from impacting the millions of people who fail to learn anything about security.
So, you still want to protect against Conficker? Here is what to do. Make sure that the Windows Security center is functioning and you are up to date on your Microsoft security patches. You can go to http://update.microsoft.com to manually check for updates. Make sure you’re antivirus product is up to date. Your antivirus product should be tested by Virus Bulletin (www.virusbtn.com) and/or certified by ICSA Labs, or have West Coast Labs Checkmark certification. Send me an email at firstname.lastname@example.org if you need help determining this. Exercise caution in what websites you visit and never open attachments unless you have verified that you know the person who sent them and that they really meant to send the attachment and that they also know what it is. These instructions are not specifically for Conficker, this is simply part of how you protect against all of the threats out there.
In other words, all that happens on April 1 is that Conficker’s next stage goes into place on already infected systems. This does not mean masses of new users will be infected. This seems to be the confusion.
As you know, the Conficker worm takes advantage of a vulnerability in Windows that Microsoft fixed in October of last year. If a machine is patched with this update from Microsoft, then that system cannot get infected by Conficker.
The reason some people are getting infected by Conficker is because their system(s) are unpatched. Or, they are patched, but are joined to a network where there is a computer that isn’t patched, in which case Conficker typically hops from a network share onto the local box when logging in with a domain admin account.
Nevertheless, Conficker is being really hyped as something terrifying on April 1. It’s true that “something” will happen on April 1, but you need to be infected first with the worm for this event to affect you. If you’re not infected, nothing will happen. And as Joe Stewart says, if you’re reading his blog page, you’re probably not infected (because Conficker targets his site).
So, just make sure your system is updated with the latest updates from Microsoft, and keep your antivirus software updated.
If you’re worried in general about vulnerabilities in your computer, you can always go run the free inspection tool at Secunia.com. It will tell you what programs on your computer need to be updated.
You can also run the free Sunbelt Conficker scanning tool here.