Windows worm hits 8.9 million PCs in past week

leth

As someone who works in IT, I kind of hate it when the media randomly chooses to start hyping up the latest virus or trojan (only because everyone I know asks me about it).

I think about 10 times out of 10, by the time they hear about this stuff, there are already OS patches and A/V updates to prevent the problem (Quote from the article: "The worm, dubbed Conficker, Downadup, or Kido, spreads via a vulnerability that Microsoft patched in October 2008"). All it seems to do is worry the average computer user ... which is maybe good if they don't have A/V.

However, stuff like this also proves my point when I tell people they should just leave Windows Update turned on :) (and why it's good to have a legit copy of Windows .... or at least a copy that passes WGA ;))
 

v1ru5

Unless I missed something I didn't read how this infection is passed on. BTW I use NOD32, should I be worried about this?
 

mrpacs

NOD32 is one of the best. Just use common sense and set NOD32 to update automatically. Stay off the porn sites! :)
 

leth

With this particular one, make sure your Windows is patched (turn on Automatic Updates and let them install) and your Internet connection has a firewall (going through a router counts as a firewall, because it hides your computers from the Internet). But it's also important to make sure your A/V has the latest virus definitions. I haven't heard anything bad about NOD32; I think it works just fine.

This worm spreads via RPC (Remote Procedure Call), which is a method to remotely execute commands on a computer (e.g. at work I can manage event logs and change system settings on all our servers and workstations via RPC). Normally RPC requires authentication before accepting commands. However, RPC in Windows has bugs which can cause it to run commands without a password, which is what this one does.

This worm goes a step further by attempting to guess weak passwords (e.g. "password", "1234", etc.). RPC isn't really important on home computers, so this is why it's important to have a firewall which blocks it from the Internet.

I read there are also other variations of this worm which create an "autorun.inf" file on your USB sticks or other storage devices, which is the file that tells Windows to automatically run programs when the storage is plugged in. Vista and XP will warn you before they run these files, but it would be easy for someone to just click "ok" and let it run.
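
A read-only check for the autorun.inf behaviour described in the post above, as an added example that is not part of the original thread: it parses an autorun.inf and lists the entries that would launch a program when the drive is opened. The function names, the constructed sample file and the drive-letter list are assumptions made for illustration.

```python
import os
import re

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
# Constructed sample, not taken from a real infection.
SAMPLE = (b"; comment line\r\n[autorun]\r\nicon=setup.ico\r\n"
          b"\x8f\x02 junk bytes with no key\r\n"
          b"Open = tools\\launcher.exe /quiet\r\n"
          b"shell\\explore\\command=tools\\launcher.exe\r\n")

def autorun_commands(raw):
    """Return (key, command) pairs in [autorun] that launch a program."""
    utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")   # byte-order mark present
    text = raw.decode("utf-16" if utf16 else "latin-1", errors="replace")
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                                # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if section == "autorun" and sep and value and (
                key in LAUNCH_KEYS or SHELL_CMD.match(key)):
            found.append((key, value))
    return found

def scan_roots(roots):
    """Map each autorun.inf found in the given drive roots to its launch entries."""
    hits = {}
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue                                # drive missing or not ready
        for name in names:
            path = os.path.join(root, name)
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, "rb") as fh:
                    cmds = autorun_commands(fh.read(1 << 20))
                if cmds:
                    hits[path] = cmds
    return hits

if __name__ == "__main__":
    print(scan_roots([f"{d}:\\" for d in "DEFGHIJKLMNOPQRSTUVWXYZ"]))
```

The script only reads files; an autorun.inf that sets nothing but an icon or label is not reported.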