
Conficker.B and other threats

There has been much talk recently about threats to computer security. The latest high-profile threat is the Conficker.B worm, which targets machines running the MS Windows OS.

According to the Microsoft CSS Security Team, on the 1st April machines infected with the worm "will begin to use a new algorithm to determine what domains to contact", although it is unclear what malicious actions, if any, Conficker.B will undertake on the 1st April 2009.

The internet is not a safe place and precautions should always be taken. The advice for guarding against this threat is the same as for any other threat:

  1. Always install the latest patches for your system
  2. Ensure that your Anti Virus is up to date (if you don't have an anti virus solution and you're not an organisation, there are some good ones out there for "personal use" without charge)
  3. Ensure that you have a firewall solution in place
  4. Ensure that passwords are not weak or easily crackable.


With regard to point 4, Microsoft have analysed the Conficker.B worm and have listed the passwords that the worm will use to attempt to take control of an infected machine. Check them out in the "Analysis" tab here: www.microsoft.com/security/portal/Entry.aspx and change your password as necessary.

If, after having taken precautions, you are as paranoid as I am, you may also want to monitor outbound network activity for anything unusual during 1st April 2009, as an infected machine will attempt to connect to a number of domains every 3 hours over HTTP.
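One way to act on the monitoring advice above, added here as an illustration and not part of the original post: a Python script that scans web proxy log lines and flags clients that contact many distinct domains in bursts roughly 3 hours apart. The log format, the thresholds other than the 3-hour interval, and the sample addresses and domains are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

PERIOD = timedelta(hours=3)        # check-in interval stated in the article
TOLERANCE = timedelta(minutes=10)  # assumed allowance for timing jitter
BURST_GAP = timedelta(minutes=5)   # assumed: requests closer than this form one burst
MIN_DOMAINS = 5                    # assumed: distinct domains that make a burst notable
MIN_INTERVALS = 2                  # assumed: consecutive ~3h gaps needed to flag a client

def parse(line):  # 'ISO-timestamp client-ip method url' (constructed log format)
    ts, client, _method, url = line.split()
    return datetime.fromisoformat(ts), client, urlsplit(url).hostname

def bursts(events):
    """Group one client's (time, domain) events into bursts of close-together requests."""
    out = []
    for ts, domain in sorted(events):
        if out and ts - out[-1]["end"] <= BURST_GAP:
            out[-1]["end"] = ts
            out[-1]["domains"].add(domain)
        else:
            out.append({"start": ts, "end": ts, "domains": {domain}})
    return out

def suspicious_clients(lines):
    """Return {client: [burst start times]} for clients with periodic multi-domain bursts."""
    per_client = defaultdict(list)
    for line in filter(str.strip, lines):
        ts, client, domain = parse(line)
        per_client[client].append((ts, domain))
    flagged = {}
    for client, events in per_client.items():
        starts = [b["start"] for b in bursts(events) if len(b["domains"]) >= MIN_DOMAINS]
        gaps = [abs((b - a) - PERIOD) <= TOLERANCE for a, b in zip(starts, starts[1:])]
        # Flag when MIN_INTERVALS consecutive gaps all match the 3-hour period.
        if any(all(gaps[i:i + MIN_INTERVALS]) for i in range(len(gaps) - MIN_INTERVALS + 1)):
            flagged[client] = starts
    return flagged

def sample_log():
    """Constructed sample: 10.0.0.23 hits 6 made-up domains every 3 hours; 10.0.0.7 just browses."""
    beacon = [f"2009-04-01T{h:02d}:00:{i:02d} 10.0.0.23 GET http://h{h}d{i}.example/"
              for h in (0, 3, 6, 9) for i in range(6)]
    browse = [f"2009-04-01T{h:02d}:15:00 10.0.0.7 GET http://news.example/" for h in (1, 2, 8)]
    return beacon + browse

print(suspicious_clients(sample_log()))
```

A flagged client is a lead for investigation rather than proof of infection, since scheduled software updaters can also produce regular traffic.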


Comments: (1)

Ed Daniel - esdaniel.com - Europe 02 April, 2009, 04:59

I highly recommend reading and digesting the following 2 reports recently published:

Snooping Dragon

Ghostnet

Then, for those that are curious to know what IT people do about security, this checklist from ISO 17799 is a good place to start.

If you are concerned about security then the best thing you can do is act, get external help and ensure a comprehensive review of your information security policy and its effectiveness is undertaken.

If you're working at home and have little IT knowledge then it would be best to find a competent IT resource to provide a day's consulting to let you know if you're safe or... not.