What is the Conficker Virus? The Conficker virus (aka Downup virus,
Downandup virus, Conflicker virus, and Kido virus) is a worm. A worm is
a type of virus that spreads itself through networks. Basically someone
starts it up and it starts looking around a network that it is
connected to - including the Internet - to find
computers that are
vulnerable to infection.
What computers are vulnerable to the Conficker virus? Any computer
that is or has been connected to a network (including the Internet) and
running the following version of Windows:
1. Windows 2000 (very vulnerable)
2. Windows XP (very vulnerable)
3. Windows Server 2003 (very vulnerable)
4. Windows
Vista (less vulnerable)
5. Windows Server 2008 (less vulnerable)
Microsoft put out a patch to fix the vulnerability: Microsoft
Security Bulletin MS08-067 - Critical. Computers that have had the
patch applied, providing that the Conficker virus was not already on
it, are not vulnerable to attack via a network.
What is the "vulnerability"? How can the Conficker virus gain
access to a computer over a network? All computers that are able to
share information over a network have programs running on as part of
the operating system that "listen" for
communications from the network.
For instance, if a co-worker on another computer wants to access a
folder on your computer they (through their computer) send a message to
your computer asking to access the folder. The appropriate operating
system component on your computer handles the request and gives access
or denies access to the file based on whether you shared the file and
gave the requestor permission to see it. The important thing to
understand is that a program on the requesting computer makes contact
with a program on the listening computer and gets the listening program
to do something for it.
If the listening program mentioned above has a bug in it that can
enable the requesting program to make it do unsavory things - like give
the requesting program access to install itself on the receiving
computer - then that would be a "vulnerability". In the case of the
Conficker virus that is basically what was discovered - the program
that lets you share folders and
printers and other things on a Windows
computer, called the Windows Server service, had a bug in it that would
allow another program to get it to do things that would then allow a
program to be installed over the network without anyone knowing about
it.
What would protect me from the Conficker virus or similar viruses?If your network and computer are being protected by a properly
configured
firewall then you were really never at risk. If you applied
the patch Microsoft put out for this vulnerability by running Windows
updates then your Windows computer was not vulnerable for long and is
no longer vulnerable. If you are running Windows Vista and have the UAC
turned on (the thing that asks you "Confirm or Deny" whenever you try
to install anything) then you are minimally at risk.
There are many ways to make a system more secure but
basic security
practices would have minimized your risk to this virus as well as
similar ones:
1. Use a firewall - this will stop almost any worm attack.
2. Stay on top of updating your operating system.
3. Use an up-to-date
antivirus program.