Protecting yourself from the Conficker worm

Nearly a year after it was identified, the Conficker computer worm continues to plague Windows users, infecting systems controlling everything from fighter planes to bus lane fines. We look at how to protect your computers from this threat.

The problem has become so great, a consortium of vendors have set up the Conficker Working Group to deal with the malware’s spread, and Microsoft are offering a $250,000 reward for the identity of the writer.

It’s not a problem that should be understated – the worm’s main use appears to be as a controller of botnets, networks of remote controlled computers used to launch attacks on other systems or to hide the tracks of scammers and password thieves.

Update your systems

Given the risks and embarrassment of being infected, avoiding this worm and others like it should be a priority for your business. First of all, your Windows computers should have the latest updates, as Conficker relies on some old security bugs that Microsoft patched last October.

Run an anti-virus

Naturally, you should be running an up-to-date anti-virus. Most widely used AV programs will do the job, including Open Source detectors like ClamAV and freeware programs.

Note though that the licences for freeware programs like AVG and Avast! are specifically for home use only. If you are running those on your office system, respect the developer’s right to make a living and buy a commercial licence. They are actually cheaper and more reliable than many of the better known brand names.

Restrict your users

Finally, make sure your users log on in Limited User mode. The reason Windows computers are more prone to viruses than their Mac and Linux cousins is that most users run their Microsoft systems in the powerful Administrator mode, which is the equivalent of leaving your car doors unlocked all night.

I’ve some instructions on setting up Limited User Profiles for Windows XP systems on the PC Rescue website. If you have an office with a Windows 2003 or 2008 server, your IT department or consultant will be able to do this through the network, which is a much more secure way of doing things.

Be warned that some programs won’t work unless they run in Administrator mode. If you find this is a problem then you should consider replacing that software as the vendor has shown they are either incompetent or are prepared to put their customers at risk to save a few dollars.

Either way, you don’t need suppliers that have no respect for their customers.

Your computers are too important to your business and shouldn’t be exposed to these sorts of embarrassing and expensive risks. Get your IT people to make sure the office systems are locked down properly.
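
One way for your IT people to check the "Restrict your users" advice above, given as an added example that is not part of the original post: the PowerShell below lists every account holding local Administrator rights and flags any that are not on an approved list. It assumes Windows PowerShell 5.1 or later (newer than the XP systems discussed here), and the approved account names are hypothetical.

```powershell
# Added example: audit who holds local Administrator rights on this PC.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

# Hypothetical allow-list: the only accounts meant to be administrators.
$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    "$env:COMPUTERNAME\ITSupport"      # hypothetical IT support account
)

function Get-UnexpectedAdmin {
    param([string[]]$Approved)

    # S-1-5-32-544 is the well-known SID of the built-in Administrators
    # group; using it avoids depending on the localized group name.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Test-SessionIsAdmin {
    # True only when the current session holds an elevated admin token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$unexpected = @(Get-UnexpectedAdmin -Approved $ApprovedAdmins)
if ($unexpected.Count -gt 0) {
    Write-Warning "Accounts with local admin rights that are not on the approved list:"
    $unexpected | Format-Table -AutoSize
} else {
    Write-Output "Only approved accounts are local administrators."
}

if (Test-SessionIsAdmin) {
    Write-Warning "This session has Administrator rights; day-to-day work should use a Limited User account."
}
```

Any everyday user account that shows up in the warning list is a candidate for moving to a Limited User profile.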

A ship of fools

To accompany the launch of their new protect yourself website, eBay Australia have released a survey claiming an amazing 93% of Australian Internet users don’t understand what phishing is and 72% engage in behaviour that increases their risk of falling victim to an online scam.

This is truly mind boggling given the amount of publicity that is given to these scams.

More depressingly, the press release claims that one in three Internet users believes that only dumb people fall for phishing attempts.

You can see why the smart scammers do so well with attitudes like this. We look at one of the good scams at our PC Rescue and Cranky Tech sites.

We’ll probably make this the main story for the next ABC Nightlife spot. It looks like we have a long way to go in educating people on Internet security.

Anatomy of an Internet scam

We talk a lot about Internet scams; here’s a first hand account of how they work.

A clever little scam fell into our laps tonight. It’s the typical sort of trick that can fool anyone with an Internet connection. In this case it used Skype, but it could have been an email, a pop-up ad or pretty well anything any computer encounters while on the net. So we decided to follow this one to see how it works.

This was done on a fully patched Windows XP computer running in Limited User Mode with Mozilla Firefox as the web browser. This is our preferred configuration for safe surfing.

Despite this, the computer was still fully backed up and we ran regular spyware and virus scans between each step. We strongly recommend you never click on any link, email or advert you think might be suspicious.

The trap

You’re sitting at your computer when you notice a strange icon in the corner of your screen. It’s Skype, the Internet phone program, telling you there’s a Skype Chat message for you. The message comes from Security Center ® (Offline) Skype™ Chat and it warns WINDOWS REQUIRES IMMEDIATE ATTENTION.

We should pause here to point out if you have Skype Chat enabled you will be getting messages popping up like this on a regular basis. We’ve discussed this problem on our July ABC Nightlife spot and we’ve added the solution to our IT Queries website. You should set Skype to only accept messages from your friends.

It’s also important to note here that this message looks official. Many people think that they are too clever to be caught by these scams. What they overlook is that while many scammers are dopes, some are very clever and this one will fool a lot of intelligent people.

Following the link

At the bottom of the message is a link directing you to “a patch” that will fix the problem. Click this and you are taken to a website called “Online Alert”.

This website is allegedly owned by a Sergei Machorin of Moscow. We can safely bet that Sergei, if he exists, has no idea he’s the owner of this site.

Rather than downloading a patch, which would fix the problem, Online Alert starts a fake malware scan of the computer’s hard drive. After several minutes this will report your computer is infected with the following files.

  • Backdoor:Win32/NT Root
  • Backdoor: Win32/Sivuxa
  • Trojan.Caijing

All of these are fake. In fact, if you run the test on an Apple Mac you’ll get exactly the same result. It’ll even claim the c: drive is infected.

Of course, they aren’t telling you this for nothing. At the bottom of the page there is a button to “fix this problem”, so we clicked it.

The fix takes us to a page offering to download and install a cleaner program called Scan and Repair 2007 for a mere 19.95 USD. And here you are stuck.

If you choose just to close the screen you’ll find yourself locked in a loop where you can’t get out of the purchase screen until you kill the process or shut down Windows.

Naturally we didn’t pay the 19.95 and we just killed Firefox instead. Many people though would be worried about shutting down their computer with this thing still open.

The Result

This is a pretty garden variety scam and it could be a lot worse. This site could easily have tried to install something malicious. We tested this also on Internet Explorer and Firefox in a Limited User profile and there is no evidence of this scam trying to load spyware.

Overall it’s a fairly primitive little scam. The “online scan” is fairly simple. But to give credit to the scammers, the Skype warning, the webpages and the online scan are all quite convincing looking mock ups of a real thing.

Who falls for this?

Lots of people. The fact the warnings and websites look so convincing means that even experienced users can be fooled into clicking on links or thinking their computer is infected. There’s an idea that only stupid people fall for these tricks. This is not the case and even if it were, the numbers still make it attractive for the scammers.

Why do they do this?

The scammers receive a commission on every copy of Scan and Repair 2007 they sell. Given they’ve sent this warning out to millions of people they only need a tiny proportion to buy the product to make a tidy sum. It’s easy money for someone with the right skills.

F-Prot’s Mikko Hypponen believes malware is the fastest growing sector of the IT industry. We agree, and while this isn’t an example of true malware like a Trojan or virus, it still shows the profits that can be made with just a modest bit of effort.

We’ve found over the years that most people that fall for these scams are not stupid. The crooks who try this stuff are no fools and anyone who thinks they are smarter than the crooks is probably going to be caught out. All of us need to take care on the net.
