More about the Conficker/Downadup worm

by billso on Saturday, 28 March 2009

After my appearance on the Andy Bumatai Show last Tuesday, I received a flurry of questions and kudos regarding the Conficker.C worm, also known as Kido or Downadup. This worm is supposed to change its behavior on 1 April 2009, and the publicity has given the blogosphere and mainstream media a new reason to discuss computer security. The archived video for my segment is not on YouTube, but it is available at www.theandybumatiaishow.com - you’ll have to:

  1. Turn on the video viewer
  2. Hit the on-demand button
  3. Click the Andy Bumatai Online show tab,
  4. Look for the archived show for March 24, 2009 and
  5. Choose Segment 2.

I had a blast doing this show - Andy is a great interviewer, and the questions from our online audience were great. I hadn’t been to ING’s Waikiki location before - it looked more like a coffeehouse than a bank!

How to tell if your computer is infected by Conficker

Ken Colburn on CNN has identified two signs that your Windows computer might be infected with Conficker. The worm tries to shut down automatic Windows updates, and also attempts to block the Windows Update site itself.

If Windows Update isn’t working on your computer, try an official alternate site like http://safety.live.com. If you’re still having issues, it might be time to get professional help to remove the worm. In the meantime, disconnect that computer from your Internet connection so the worm can’t use the connection or your data.

The main points of this segment are shown in the following screencap. The misspelling of “anti-virus” is an added bonus from CNN. The CNN video is also available at this page.

Be prepared

Once again, this worm affects only Windows computers. If you’re using a Mac and you don’t have Windows installed on that computer, you are in fine shape. The major antivirus companies already have updates and cleaners ready. Just make sure your antivirus is up to date. If you’re not running an antivirus program, try Avast. It’s free for home users.

Never ever try to run two or more antivirus programs on your computer! It’s a recipe for disaster, as each antivirus program might think the other is a virus or worm.

In an odd twist, searching Google for Conficker worm remedies tends to bring up far too many programs that actually try to install malware and worms instead of removing them. As I mentioned on Andy’s show, one program that I have used with good results is SpywareBlaster. It doesn’t remove spyware and worms, but it can close many of the holes and browser issues that spyware developers like to exploit.

Block that worm with OpenDNS and a strong password

I do recommend using OpenDNS as a quick and free fix. If your computer hasn’t been hit by this worm, OpenDNS will block the web sites that Conficker uses - and give you a nice speed boost in the process. OpenDNS won’t help you if your computer is infected, but it will stop the worm from spreading to other computers.

One point I neglected to mention during Andy’s show is that this worm tries to hack into Windows accounts by using a dictionary attack. It’s never a good idea to use a password that is an actual word, but this type of attack tends to work because so many users ignore that advice. See my articles about passphrases and secure passwords for some tips.

For a quick fix, add a punctuation mark, symbol or a number somewhere in your password - and not at the beginning or end of the password. It’s best to stick with symbols that are on your computer’s keyboard, but be aware that some web sites do not allow these types of characters in passwords.
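The password advice in the two paragraphs above can be turned into a simple self-check. The sketch below is an added example, not part of the original post; the function name `audit_password`, the finding codes and the tiny wordlist are assumptions made for illustration.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a
# full dictionary file instead.
SAMPLE_WORDS = {"password", "admin", "letmein", "monkey", "dragon", "secret"}

NON_LETTERS = string.digits + string.punctuation


def audit_password(password, words=SAMPLE_WORDS):
    """Return a list of finding codes; an empty list means every check passed."""
    findings = []
    lowered = password.lower()

    # 1. The password is itself a word from the list.
    if lowered in words:
        findings.append("dictionary-word")

    # 2. Digits or symbols appear only at the start or end, so stripping
    #    them leaves a bare dictionary word (e.g. "Monkey1!" -> "monkey").
    core = lowered.strip(NON_LETTERS)
    if core != lowered and core in words:
        findings.append("edge-only-decoration")

    # 3. The quick fix from the post: at least one digit or symbol that is
    #    neither the first nor the last character.
    if not any(ch in NON_LETTERS for ch in password[1:-1]):
        findings.append("no-interior-symbol")

    return findings


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ["monkey", "Monkey1!", "1dragon", "mon#key"]:
        print(f"{candidate!r}: {audit_password(candidate) or 'ok'}")
```

An empty result only means the password passes these three checks against the supplied wordlist; it is not a measure of overall password strength.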


{ 2 comments }

mfarney Tuesday, 15 December 2009 at 23:49 HST @034

I usually turn off automatic updates because I hate it when I try closing my computer and having to wait until it gets the updates. So this worm isn't all bad. Does it harm anything else?
______________
Mathew Farney - Web Hosting