Computer Science Security Alerts
To be emailed any new alerts as they appear, or to cease being emailed such alerts, send email to securityalerts-request@cs. These can also be obtained via an Atom or RSS feed.

Mon, Jan 26, 2009

Conficker
A new computer virus/worm called "Conficker" or "Downadup" (and variants) is spreading quite widely; it is being called in the media the biggest worm attack in years, and has allegedly infected nearly nine million PCs in a couple of weeks. Conficker gives full control of your computer to criminals. Like most worms, Conficker exploits a recent Windows vulnerability over the network. A patch exists for this vulnerability, so keeping your machine up to date defends against this route of infection.

However, Conficker also exploits a feature of Windows called "Autorun"/"Autoplay" to spread itself via removable media (e.g. USB flash drives) or network shares. Autorun/Autoplay can cause programs to be run automatically from removable media (USB keys, memory cards, CD-ROMs etc.) when they are first connected to a computer, or when a user clicks the drive icon for a removable device. In Windows Vista, or Windows 7 beta, when removable media is attached, an AutoPlay menu of options will pop up, one of which will be to run the virus. Unfortunately, the virus lies about what will happen if you select the option that runs it, claiming it is "Published by Microsoft Windows" and will merely "Open folder to view files". As a result, it is difficult to tell which choice on the AutoPlay menu harmlessly views the files on the media and which one will install the virus on your computer. It is safest to disable Autorun/Autoplay entirely on Windows computers.
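The following Python example is an addition to this alert, not code from its author, US-CERT or Microsoft. It inspects the `autorun.inf` file that drives Autorun/Autoplay on removable media and flags the combination described above: an entry that launches a program while its menu text imitates the harmless folder-view choice. The key names (`open`, `shellexecute`, `shell\...\command`, `action`, `label`) are the standard `autorun.inf` keys, which the alert does not name, and the sample files are constructed.

```python
import re

# Standard autorun.inf keys that make AutoPlay launch a program (assumed; not named in the alert).
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
# Wording the alert says the worm uses to pose as the harmless choice.
LURES = ("open folder to view files", "published by microsoft")


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def audit_autorun(text):
    """List reasons this autorun.inf deserves a closer look before the media is used."""
    entries = parse_autorun(text)
    commands = {k: v for k, v in entries.items()
                if v and (k in EXEC_KEYS or SHELL_CMD.match(k))}
    findings = [f"runs a program: {k}={v}" for k, v in sorted(commands.items())]
    shown = " ".join(entries.get(k, "") for k in ("action", "label")).lower()
    lure = next((p for p in LURES if p in shown), None)
    if commands and lure:
        findings.append(f"menu text imitates a built-in choice: '{lure}'")
    return findings


# Constructed samples, not taken from a real infection.
SUSPICIOUS = """\
;x8f3k junk padding
[AutoRun]
junk line without a key
Action=Open folder to view files
Icon=folder.ico
ShellExecute=example-payload.exe
"""
BENIGN = "[autorun]\nicon=setup.ico\nlabel=Vendor Install Disc\n"

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, audit_autorun(sample))
```

A legitimate installer disc will also report a "runs a program" finding; it is the pairing with imitation menu text that matches the deception described in this alert.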


Autorun/Autoplay
Autorun/Autoplay is a feature of Microsoft Windows that allows software on removable media (such as flash drives or memory cards) to run automatically. Some worms/viruses, such as Conficker, use Autorun/Autoplay to propagate from one machine to another. It is safest to disable Autorun/Autoplay entirely on Windows computers. To disable Autorun/Autoplay, follow the instructions at http://www.us-cert.gov/cas/techalerts/TA09-020A.html. Microsoft has admitted that its original instructions do not fully disable Autorun/Autoplay, and has provided updates at http://support.microsoft.com/kb/953252.

The loss of the Autorun/Autoplay feature will mean that software will no longer run automatically when you insert digital media. Most often, this means that software will not automatically install when you insert the installation CD or DVD, and you will have to click the drive icon of the removable device and then double-click on the installer icon (usually called "setup"). However, music and video CDs and DVDs will continue to play automatically.
