Some readers may be unfamiliar with US-CERT. US-CERT is a big deal. It's the official United States Computer Emergency Readiness Team.
As a division of the Department of Homeland Security, they're charged with helping keep U.S. citizens' computers safe.
This week, in their revised advisory on Downadup / Conficker, they announced that the recommendations from Microsoft to help protect yourself from the worm are "not fully effective." Ouch.
We originally covered the Downadup / Conficker worm after Computerworld revealed 1 in 3 PCs was still vulnerable.
Considering that Microsoft issued a Downadup / Conficker alert and a worm patch way back in October 2008, the responsibility for the worm's spread can't really be put at Microsoft's feet. They issued an "out-of-cycle" (i.e. emergency) patch for it; it's up to us as consumers to take action.
Lastly, lest it go unsaid, remember that firewalls and antivirus software alone are not enough to keep your PC safe. You have to keep it--and all your software--patched, too.
For anyone unfamiliar with the worm known primarily as "Downadup / Conficker," here's a recap: it's a clever, nasty worm that's easy to get and hard to get rid of.
How does Downadup / Conficker work?
It works by modifying the way the Windows "autorun" feature works, thus tricking users into running the virus. It further spreads through an entirely separate flaw in the Microsoft Windows network system.
The smart folks at Finland-based security firm F-Secure have a complete description of Downadup / Conficker that includes screenshots. It's a fairly straightforward read and especially well worth your time if you believe you're at risk of getting (or may already have) this worm.
Christopher Null, writing for Yahoo! tech, says in his blog about Downadup / Conficker,
"From an antivirus standpoint, fixing Downadup isn't easy. The worm is particularly problematic because of the tricky way it involves the user in installing the software, bypassing auto-installation safeguards, plus its sophisticated way of avoiding detection, as it morphs its code constantly (using randomized elements) to make traditional, signature-based detection almost impossible."
Now, while it is clever and sophisticated, it's not impossible to detect. Difficult? Yes. Impossible? No.
This is where using the best antivirus software really makes a difference. The best ones don't just rely on signatures.
They also rely on heuristics to spot anything that matches certain general patterns of malware and viruses and to stop it in its tracks.
The degree of sophistication the antivirus software makers put into their AV heuristic engines is a closely guarded secret for them and truly one of the things separating the top antivirus software from the second-rate ones out there.
The smart folks doing research at Finnish security company F-Secure estimated another 6.5 million Windows PCs have been infected by the Downadup / Conficker worm... in the past four days.
That adds to the 2 million plus that were already infected.
If you haven't yet heard the story on this worm, known as Downadup or Conficker, it exploits a bug in the Windows Server service. Affected operating systems include:
- Windows 2000 (all versions)
- Windows XP (all versions)
- Windows Vista (all versions)
- Windows Server 2003
- Windows Server 2008
Worst thing of all about their estimates: even they say they're conservative. Usually in cases like this they really are.
If your computer has been infected with Downadup/Conficker, here's where to get the Microsoft Downadup/Conficker patch.
They've also issued an update to their Malicious Software Removal Tool.
Not wasting any time in 2009, the virus writers have already gotten started. The Register, an online technology site based in the U.K., brings news about the email virus outage that has shut down "a small number" of Ministry of Defense (MoD) systems.
Among the affected systems were admin networks aboard the Royal Navy's warships. According to the article:
"The Navy computers infected are the NavyStar (N*) system, based on a server cabinet and cable-networked PCs on each warship and used for purposes such as storekeeping, email and similar support functions. N* ship nets connect to wider networks by shore connection when vessels are in harbour and using satcomms when at sea."
The article goes on to quote a spokesperson with the MoD as saying, "There have been no infections detected on any networks with sensitive information."
Assuming they're not just covering their butts on this, at least the most critical information is still safe, but in any case, it leads us here to ask:
- Was antivirus software installed?
- What kind?
- Were the signatures updated?
This isn't the first high-profile PC virus outbreak in the U.K. in the past few years. Another computer virus outbreak affected (and shut down) the networks at three hospitals.
Whatever the reason for the outbreaks, whether it's a technology problem or human error, we're always sorry to hear about such outbreaks. It's bad enough as consumers to have such concerns, but when viruses start to affect major networks like these, it's truly maddening.
Sadly, as so often happens, consumers are lazy, complacent, and just plain ignorant about keeping their computers protected and updated. Readers may recall there was a very nasty worm that hit Microsoft Windows PCs in 2008, for which Microsoft issued a rare "out-of-cycle" patch back in late October.
Well, folks, word in a Computerworld article on the worm attack? 1 in 3 PCs are still vulnerable.
And it's almost three full months later.
OK, so we're now well into the New Year, so by now you should have long ago put down the eggnog and gotten back to life as normal!
This means running Windows Update (Open IE, click Tools / Windows Update... it's really not that hard...) and making sure you have good antivirus software and firewall software.
Even if you haven't done it in ages, running Windows Update (assuming you're on a DSL or cable modem) shouldn't take more than 10-15 minutes on a reasonably fast, modern PC.
If you stay atop it, it's even faster.
A good reminder came by way of an article on antivirus software in the Montreal Gazette, one of the fine newspapers published by our neighbors to the north: "'Okay, okay, this year, I'll get anti-virus software.' Say it and mean it."
Marc Saltzman, who penned the piece, brings up a great point: since buying a new PC (given the state of the economy for many people) is perhaps not a priority, protecting the one you have should be.
He talks about five of the six things we urge everyone to do. Here's our list (in order):
- Run antivirus software
- Run antispyware
- Keep your OS and the software you run updated
- Perform backups
- Defragment your hard drive
The only thing missing:
Run firewall software.
The default one built into Windows doesn't count. It stinks. In overall importance, we'd put firewall software at the top of the list, tied for first with antivirus software.
While you're running through this checklist yourself, take a look at our new antivirus reviews for 2012. You'll see the "best antivirus software" on our list for 2012, and it has built-in antispyware and offers optional firewall software, too, in the VIPRE Internet security version.
With our coupons you can have a complete PC security solution and be out the door for under $30, and you'll be three steps closer to keeping the bad guys out and protecting your computer.
Bear this in mind, too: the most important thing on your computer probably isn't the computer itself. It's the data.
And even if by some strange chance you put zero value on the data on your computer, there's still the cost--both in time spent and actual cash spent--to get your computer fixed if it gets infected.