Threat of the Month — Conficker

September 10, 2009

Conficker

What is it?
Conficker, which is both a worm and a bot, is one of the more sophisticated pieces of malicious software (malware) we have seen to date.

How does it work?
Conficker first spread, primarily in the corporate environment by exploiting a vulnerability in Windows for which a patch had already been released. Home users who left Microsoft Update enabled were not initially affected. Once inside a network, Conficker spread to network shares. If the shares were protected with a weak password, then Conficker might still be able to spread as it is programmed to guess weak passwords.

How can I prevent it?
The same defenses that are effective in preventing most other malware are effective in preventing the infection and spread of Conficker. Always keep your OS and applications patched to the most current security level. Disabling AutoRun on Windows machines is always prudent. If you must have shared folders, then use strong passwords. Also, use security software, such as anti-virus and a firewall.

– Randy Abrams, director of technical education, ESET

prestitial ad