There has been a certain amount of publicity recently about the Conficker super worm, which has infected hospitals, Royal Navy warships and industry; the latest news, from a leaked memo, says that our Parliament has also been infected.
The Conficker worm spreads through several update mechanisms, a well-known Windows vulnerability and tainted USB drives being just two. Once it secures a foothold on an infected network, the worm can spread widely across network shares by exploiting weak password security, a major factor in its high prevalence within corporate systems.
Researchers have reverse engineered the worm, and it is apparent that an event is targeted for April 1st (April Fools’ Day). While most April Fool’s jokes are harmless, this one may not be.
Conficker has been polling 250 different domain names every day to download and run an update program. On April 1st, the latest version of Conficker will start to poll 500 out of 50,000 domains a day to do the same thing. What effect that will have is at present unknown.
How can you protect your systems from the Conficker worm? This can be achieved through good security practices, including those defined in ISO 27001:2005, the information security standard.
If you are worried about your systems and suspect that yours are infected, there are a number of good detection tools available.
One indication that you may be infected is the inability to connect to various security websites; Conficker prevents your system from gaining access to them.
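The indicator above can be checked from a suspect machine by comparing access to security sites against access to ordinary sites. The sketch below is an added example, not part of the original post; the host lists are assumptions (the two vendors named in this post plus two arbitrary control sites), and `constructed_probe` is a hypothetical helper for offline runs.

```python
import socket

# Assumed host lists: the vendors are the two named in this post; the
# control names are arbitrary non-security sites chosen for the example.
SECURITY_SITES = ["www.f-secure.com", "www.mcafee.com"]
CONTROL_SITES = ["www.example.com", "www.wikipedia.org"]


def can_connect(host, port=80, timeout=5.0):
    """Return True if the name resolves and a TCP connection succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, refusal and timeout
        return False


def assess(security_sites=SECURITY_SITES, control_sites=CONTROL_SITES,
           probe=can_connect):
    """Compare reachability of security sites against control sites.

    Returns (verdict, blocked) where verdict is one of:
      "suspicious"   - a control is reachable but a security site is not
      "inconclusive" - no control is reachable, so the network is down
      "ok"           - controls and all security sites are reachable
    """
    controls_up = [h for h in control_sites if probe(h)]
    if not controls_up:
        return "inconclusive", []
    blocked = [h for h in security_sites if not probe(h)]
    return ("suspicious" if blocked else "ok"), blocked


def constructed_probe(unreachable):
    """Build an offline probe from a constructed set of failing hosts."""
    return lambda host: host not in unreachable


if __name__ == "__main__":
    verdict, blocked = assess()
    print(verdict, blocked)
```

A "suspicious" result is only a prompt to run a proper scan: a single unreachable vendor site can equally be an outage or a proxy rule.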
We employ several layers of protection, including McAfee anti-virus, anti-spam/malware and email filtering, so I was not unduly worried, but we did run a scan of all our systems just to be on the safe side.
We ran http://support.f-secure.com/enu/home/onlineservices/fsec/fsec.shtml, which is a free scan, and this confirmed we were Conficker-free.
Don’t be caught out and be an April Fool.
Consultancy, Quality Matters Limited.