Any Suggestions for Conficker Worm Protection ?

Can anyone suggest as to what precautions to take tp protect your PC against the " Conficker Worm " supposed to hit on April 1st ?

I do not have a network. It is a single home PC.

I have following security software installed.

Nod 32 Antivirus

Zone Alarm Pro Firewall

Super Antispyware Professional

Thank You.

 

http://www.theregister.co.uk/2009/03/30/conficker_signature_discovery/
http://www.confickerworkinggroup.org/wiki/pmwiki.php?n=ANY.RepairTools
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

 

Conficker Information for the Home Computer User - with thanks to Corrine.

 

It is more talk than real danger. If your ESET NOD32 is updated (v3 or v4) , firewall enabled and Windows updated you'll have no problems . It has always been like that.

 

That's great unless you happen to have a mail server which is running XMON and therefore limited to Nod32 v2.7!

~M

 

Hopefully you've kept it patched though eh? Microsoft released the fix last October.

 

The main thrust of the concerns in the security community regarding Conficker and April 1st are focused on what the already infested machines will do. This wiley infestations makes a compromised machine appear as though it already has the official Microsoft patch that plugs the Windows component that Conficker exploits when network-borne, and typically LAN only because most enterprise firewalls don't permit the type of traffic through them to allow an exploit.

Conficker also spreads via infected USB thumbdrives, which likely represented the initial penetration of an endpoint population followed by the network-borne vector infecting all other unpatched Windows machines on the LAN.

Several scanning tools are available to check for Conficker's presence. A free one called nMAP, for example. I haven't personally tried it. Other paid ones from Qualys, nCircle, and Tenable come to mind. I expect all AV vendors are scrambling to add this too, so make sure your AV is able to auto-update signatures.

For personal machines seldom exposed to a LAN with many other Windows computers, the most likely attack vector is via an infected USB thumbdrive. Though, Conficker is sophisticated and capable of growing new attack vectors. One should have robust USB malware defenses anyway because over 10% of infestations in the US, higher in Europe, and still higher in Asia are due to USB thumbdrives.

Cheers,

Eirik

 

Don't plug usb drives u gave to your friends in an admin accoun

 

i was just watching something on the news about the worm conficker, its pretty funny how much they blow it up to be like the apocalypse anyways, i know im protected, conficker dont got a chance with me

 

It's all over the Local News TV Stations and Cable Networks here plus National News affiliates made their announcements today on their normal timeslots.

For me this is like a new coolwebsearch all over again. Remember that bunch? And all their variants?

I do. Worked forums like 24/7 almost 365 during their stretch.

 

I know what you're talking about.

 

There's always some hype with all this sort of "news". UH?

If people want to get paranoid, there's an easy way to block this bastard from doing whatever it wants to do, even if, somehow, you get your systems infected.

The Conficker C, as known, or not, will communicate with 50000 domains, per day, to do whatever it needs to do.

Solution? Block access to those domains.

Going even further - Block access to the domains Conficker needs to get the machine's IP.

Going even further - Block access to the domains it needs to get the current date.

Going even further - Don't connect to the cyberworld, and you'll be just fine.

All the systems that got previously infected, and, maybe, will become worse, got that way due to the fact that those folks never patch their systems - most don't even know how and that such is needed -, perhaps make use of pirated software, etc.

The end result is there.

Everyone else who is careful, I believe they shouldn't worry.

Heck, even my family, who aren't techy folks, use their systems without antivirus and, guess what, so far, no infections. Why? They know better.

 

I'm not a bit concerned over this entire "event".

 

Re: Conficker Worm vulnerability result

So what does happen on a vulnerable system if you're infected by the above?
Bill Pytlovany found out: http://billpstudios.blogspot.com/

 

Along with making sure the OS is fully patched download "USB Vaccine". It's a free tool from Panda that will protect the PC and any USB flash drives you have from spreading infection by disabling the autorun functionality.

 

Or you can just do it manually by editing Local Computer Policy: http://www.sizlopedia.com/2008/03/18/disable-usb-autorun-to-save-pc-from-usb-viruses/
Or simple Registry Hack: http://antivirus.about.com/od/securitytips/ht/autorun.htm

 

Yes, much concern! The traffic to my company website (e.g., AppGuard and EdgeGuard) jumped by over a factor of 20 yesterday and today. The number of enterprise sales leads jumped by almost a factor of 100. Another interesting point, content concerned with stopping conficker NOW was dramatically more popular than stopping the NEXT conficker-like outbreak. Funny how folk are averse to planning for tomorrow.

Cheers,

Eirik

 

Wouldnt a patched windows and limited user account be sufficient?

 

Maybe a perfect Marketing/Income during this slugglish economy. If you visit Symantec website, you'll see how they are making money. LOL.

 

Almost any up-to-date av will detect this. The media loves to make the smallest things huge.

 

Yeah, they're helping the AV industry.

 

On european media you'll hear only certain news:
- Bill Gates ....bla bla
- Microsoft ...bla bla ( immagine that I've heard ....prime time news....there is a new version of Internet Explorer )
- Apple ...Iphone...Ipod ( all mp3 players are Ipods )
- Virus....disaster...

I'm talking about the news and not computer related shows.

I don't know what happens in the States but I think the same BS.

It's the usual story. Incompetents working. And the tv is not a separate world. Just visit your bank, your doctor, local tech iperstore etc. Incompetents working..yes there are exceptions...but it's hard to find them.