April 1st marked an evolutionary step in a troubling computer worm known as Conficker. Conficker, also known as downup, downadup, and kido, was originally detected in October 2008. The original strain was particularly troublesome because of the advanced malware techniques used to create it. It spread very quickly through Windows-based PCs, due in part to those techniques and in part to the number of users who failed to patch their systems for a specific vulnerability. As a result, an estimated 9 to 15 million systems were affected worldwide by January of this year. Perhaps the most disturbing thing about Conficker is that no one is really sure what the worm’s actual purpose might be.
On April 1st the Conficker virus deployed a new way to propagate itself, and the worm is now more difficult to detect and remove. These updates apply to the “C Strain” of the Conficker worm, and may prevent users with infected systems from getting updates or patches from Microsoft and other security vendors.
How to Stay Safe
The best defense against any worm or virus attack is simply common sense. Make sure that you have applied the latest security patches available from Microsoft. Your system should be running a high-quality security suite, such as those available from McAfee and Symantec, and it should also be kept up to date. Stay away from websites that make offers like “free Conficker detection and removal package” or “is your computer infected by Conficker? Click here to find out.” Such sites or alerts are likely to actually install Conficker on your system.
It should be noted that a number of articles published in the last day or two claim the threat represented by Conficker is overstated, and just so much hype. A word of caution against this kind of thinking: security experts agree that a threat is still present, and the Conficker virus may have infected more systems than previously estimated. It is also important to reiterate that Conficker is a massive bot-net whose purpose is still largely unknown.
SADA Protects Clients from Conficker Infection
Managed service clients of SADA Systems, Inc. can rest easy knowing that systems monitored and managed by SADA are secure. By April 1st SADA had already patched all remotely managed systems with the necessary security updates. These updates were done quietly, in the background, and seamlessly, providing our clients with the latest security updates and patches, without interrupting their workflow or affecting productivity.
This process makes an interesting argument for the application of managed services as a means to prevent possibly serious malware infections. Most businesses employ IT personnel, either full-time or through a vendor, and depend on them to handle updates and patches to their systems. While there is nothing inherently wrong with this model, it does present a couple of inefficiencies. The foremost is cost: it is significantly more expensive to hire a full-time IT support person than it is to pay for a managed services contract. The second is response time. One of the major advantages of a managed services model is that systems are managed remotely, and the tools available mean that systems are being monitored twenty-four hours a day, every day. Not only are valuable IT personnel not redirected away from critical projects, but if a system becomes compromised at any hour of the day, a technician is notified.
In the case of the Conficker virus, the managed services vendor is more pro-active than reactive, an important distinction when dealing with potentially serious malware threats. When a new threat is anticipated or discovered, SADA is able to roll out patches and security updates to all of our managed service clients. These updates take place in the background, across all managed systems, and without having to contact the client or interrupt their work. As a result, systems don’t become infected, and don’t in turn become another point of origin for the malware attack to propagate itself.
- For more on the Conficker virus check out this Wikipedia Article
- On the irreverent side of things, Wired Magazine has established the Conficker War Room, a live blog of events that may or may not be related to Conficker infections. Most likely not.
- Wired Magazine also created a simple animation that helps explain how worms like Conficker work.
Anti-Virus and Security Packages:
The following are links to security packages that receive top honors from PC World magazine. To view the full article, click here.