The Conficker worm is still infecting systems at a brisk rate and continues to snag computers in Fortune 1000 companies, according to security researchers.
The worm is infecting about 50,000 new PCs each day, according to researchers at Symantec, who reported Wednesday that the U.S., Brazil and India have been hit the hardest.
“Much of the media hype seems to have died down around Conficker/Downadup, but it is still out there spreading far and wide,” Symantec said in a blog post.
Conficker began spreading late last year, taking advantage of a recently patched flaw in Microsoft’s Windows operating system to infect entire networks and also using removable storage devices to hop from PC to PC.
Security experts say it has now infected millions of computers worldwide, which together make up the world’s biggest botnet.
“We can see that companies that spend literally millions of dollars on equipment and gear to prevent infections … these Fortune companies have had this infection and it’s stayed in their networks for a long period of time,” said Rick Wesson, CEO of Support Intelligence and a member of the Conficker Working Group.
“It’s really hard and really expensive, and if the Fortune companies can’t stop it, how can you expect small businesses to do it?”
The Working Group has set up so-called sinkhole servers that can communicate with infected machines. It has spotted infections within many Fortune 1000 companies, Wesson said. “Everybody got hit,” he said. “Even Microsoft still has infections.”
The worm got a lot of media attention in late March, and while the news stories have tapered off, the worm isn’t going anywhere.
Some worried that an April 1 change in the way Conficker received updates could mark the beginning of a new round of Internet attacks, but in reality the Conficker network has been only lightly used, security experts say.
“It’s still a significant botnet. It hasn’t done anything of significance, but it has not gone away,” said Andre DiMino, cofounder of The Shadowserver Foundation and a member of the Working Group. “The remediations need to ramp up.”
“This thing is not dead,” he added. “Everyone has kind of passed it over, but it’s not dead.”
How to protect yourself
Here are some great ways you can try to protect yourself from Conficker, offered to us by Computerworld blogger Steven J. Vaughan-Nichols.
These include disabling AutoRun, since Conficker can spread via infected USB drives; using current anti-virus software; using Windows’ own malicious software removal tool; or switching to OpenDNS for your DNS service.
There are many ways to try to stop these attacks, Vaughan-Nichols notes. Unfortunately, the bad guys are always working on getting newer and better ways to infect your system.
The sad truth is no matter what you do with Windows, whether you’re running XP, Vista, or the Windows 7 beta, you’re not safe. Now, however, there’s a patch that will stop Conficker, and almost all other malware programs, in their tracks. It’s called Linux.
To install it, you’ll first need to back up all your personal data.
For this specific job, it’s advisable to copy your My Documents directories and files, bookmarks and the like to a CD, DVD, or USB drive.
Once that’s done, you’ll need to download one of the various Linux desktop patches. Vaughan-Nichols recommends any of the following: Fedora 10, openSUSE 11.1, Ubuntu 8.10, Mint 6, or MEPIS 8.
Once you’ve installed your ‘patch’ and logged in to your new, safer desktop, you’ll need to copy over your old files to your new main directory.
To get your Internet Explorer bookmarks into Firefox, which will be one of your Web browser choices, follow the instructions in this mozillaZine article.
For Outlook, if you’re using the newest version of Evolution, you can directly import your Outlook PST (Personal Folders) files. If you prefer Thunderbird for your e-mail, these instructions should see you through.
If you find you really need to run some of your old applications on your new system, CrossOver Linux can be a great help. You can always find many other programs that will do the same work as your old programs.
For example, there’s little, if anything, you can do with Microsoft Office that can’t be done with OpenOffice.
With your new Linux ‘patch,’ you’ll soon be working as productively as ever and without any security worries.