Conficker

15 million PCs and climbing are infected by Conficker (Downadup), at least according to some sources (Spiegel Online reports that the total may be as high as 50 million infected machines). Some doubts have been expressed about how accurate this calculation is or can be, and there are many factors that complicate it. Nonetheless, it's clear that there are very high volumes of infected machines out there (though there are signs that the number has started to level off), so it's unsurprising that Conficker has attracted so much media attention.

Since its appearance last autumn, our research teams around the globe have been paying close attention to this threat. Before we share a little more information on some of the malware's less widely publicized characteristics, though, let's stop panicking about the sheer size of the numbers and get back to trying to reduce them. Conficker makes use of a wide range of attack vectors, so here are some approaches to plugging some of the holes.

First of all, of course, use good antimalware programs (we can suggest a particularly good one!), but don't expect them to give you absolute protection, no matter what you do.

Obviously, systems with up-to-date anti-malware are less likely to fall prey to a Conficker variant than systems that are inadequately protected. Like other companies, we've been detecting the many Conficker variants for some time, and have been regularly updating our detections (signatures and heuristics) as more information on new variants comes in. The real Conficker story was topical between its discovery in October and the beginning of this year, when we were working on more effective ways to detect this threat in memory and to clean it. This is a sophisticated, complex threat, and it was necessary to create specific algorithms to address it fully, but up to now, detection has been pretty effective.

However, Conficker variants have gone out of their way to hide from antimalware: for instance, by blocking domain names incorporating strings that suggest antimalware resources or companies. So it may be necessary to access updates or a Conficker-specific cleaning tool from a known clean machine.
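A defender-side check for the symptom described above, as an added example that is not part of the original article: it compares lookups of security-related hostnames against unrelated control hostnames and flags the machine when only the former fail. The hostnames, function names and verdict labels are assumptions chosen for illustration.

```python
import socket
from typing import Callable, Dict, List, Optional, Tuple

Resolver = Callable[[str], Optional[str]]

# Constructed sample lists (assumptions, not taken from the article): hostnames
# tied to antimalware/update resources, and unrelated control hostnames.
SECURITY_HOSTS = ["www.eset.com", "update.microsoft.com", "www.symantec.com"]
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org", "www.ietf.org"]


def system_resolver(host: str) -> Optional[str]:
    """Resolve via the operating system's resolver; None means the lookup failed."""
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None


def probe(hosts: List[str], resolver: Resolver) -> Dict[str, Optional[str]]:
    """Look up every host once and record the address (or None on failure)."""
    return {host: resolver(host) for host in hosts}


def assess(security: Dict[str, Optional[str]],
           control: Dict[str, Optional[str]],
           min_controls: int = 2) -> Tuple[str, List[str]]:
    """Classify the lookup pattern and list the security hosts that failed."""
    blocked = [h for h, ip in security.items() if ip is None]
    controls_ok = sum(1 for ip in control.values() if ip is not None)
    if controls_ok < min_controls:
        # DNS is failing in general: an outage, not selective blocking.
        return "inconclusive", blocked
    if blocked and len(blocked) == len(security):
        return "symptomatic", blocked   # only security names fail
    if blocked:
        return "partial", blocked       # investigate the failing names
    return "no-symptom", blocked        # does not prove the machine is clean


def run_check(resolver: Resolver = system_resolver) -> Tuple[str, List[str]]:
    """Probe both lists with the given resolver and return (verdict, blocked)."""
    return assess(probe(SECURITY_HOSTS, resolver), probe(CONTROL_HOSTS, resolver))


if __name__ == "__main__":
    verdict, blocked = run_check()
    print(f"verdict={verdict} blocked={blocked}")
```

A "symptomatic" verdict is the cue to fetch updates or a cleaning tool from a known clean machine, as the article advises.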

One of the approaches Conficker takes to infection is to exploit the vulnerability described by Microsoft in their bulletin MS08-067, so patch vulnerable machines. (If they're already infected, they'll need to be cleaned first.) Another interesting characteristic is that it may patch infected systems that are vulnerable to MS08-067. (Since it uses multiple infection vectors, not all infected systems are unpatched.)

The bottom line is: get a good anti-virus product and make sure your anti-virus database is always updated. Call us now on 023 88 39496 for more information about ESET anti-virus products.

 


David Hollingworth
Tullig
Ballinascarthy
Clonakilty
Co. Cork

Telephone: 021 234 8654
Mobile: 087 249 2841
EMail: info@ctswestcork.com
Skype: djhollingworth