This article was originally written by Pål Joakim Olsen in Norwegian for DinSide. The article was released under a Creative Commons Attribution Share-Alike license and has been translated and republished here under the same CC license.
Microsoft has offered a $250,000 reward for information leading to the capture of the creators of the Conficker worm. This clearly indicates how dangerous this worm is considered to be.
And tomorrow is D-day. On 1 April Conficker.C strikes. The date is hardly random, since headlines on that day are not necessarily taken seriously. What makes the Conficker worm extra dangerous is that, on top of blocking access to security-related websites, it also blocks many AV suites and programs as well as Windows Update.
It is estimated that as many as 10 million Windows machines around the world are ticking bombs. The full extent of what will happen tomorrow is not known, but we do know that infected computers will “phone home” to a number of servers to get instructions (250 new URLs are aggregated daily, and rumor has it that by tomorrow the total will be around 50,000). So basically the infected computers are part of a giant botnet that is under the control of the creators of the Conficker worm.
The issued instructions will make the infected computers start a process. Which process is not yet known; it will probably take down large parts of the internet, but it may also make unwanted local changes to the infected computers.
This is serious. Your computer might be infected, and nobody knows exactly what might happen tomorrow. Fortunately, by investing a few minutes now you can safeguard yourself from whatever is supposed to happen tomorrow.
Here are some of your options:
Windows Malicious Software Removal Tool
Microsoft recommends that Windows users download the Windows Malicious Software Removal Tool manually. This tool can then be run to remove malicious software, including the Conficker worm.
F-Secure Easy Clean
F-Secure has a free tool to kill the Conficker worm, and you can find it here.
McAfee has made a special version of their Stinger tool which is tailor-made to handle the Conficker worm. You can find it here.
Panda has a web solution that requires neither download nor installation, and you can run it from here. According to Panda, approximately 6% of those who ran this check were infected with the Conficker worm.
DinSide has covered OpenDNS earlier. To put it simply, with OpenDNS you can surf the net both quicker and safer by changing the DNS server IP addresses from your Internet Service Provider's to the ones provided by OpenDNS. (This is easier than it sounds.)
OpenDNS cooperates with Kaspersky Lab to update the list of malicious servers daily, so that your computer (infected or not) will not be able to connect to those servers.
Do the internet and your friends a favor: Tell them about this article!
Personally I recommend the following: update Windows regularly (automatic updates) and use an updated and good AV suite. I use and recommend Norton Internet Security 2009.
This Microsoft illustration shows how the Conficker worm operates.
Ed Bott has written a scathing article over on ZDNet where he ridicules McAfee for their Conficker site. And rightly so: the URL is conspicuous to say the least (see the link above) and the About section is just hilarious. So I recommend you follow Ed's advice and go somewhere else for your security!