Schools in Kent appear to be suffering badly from the Conficker / Downadup virus. That first sentence immediately highlights a problem with the anti-virus community – different AV vendors give different names to the same virus. F-Secure describes the virus as Downadup; Sophos, Symantec and McAfee all describe it as Conficker. Some other vendors call it something different again. If there were a universal name for every virus it would be simpler to convey messages to the public – AV industry, fix this. Decide on a standard and move on.
The Conficker virus spreads using mapped network drives, portable storage devices (USB keys, camera flash memory etc.), a vulnerability in Windows (patched by Microsoft in October), network admin shares with weak passwords, and an HTTP server generated by the virus itself. It’s a comprehensive virus, as smart as I’ve ever seen. It’s spreading very fast too, currently estimated at over 10 million hosts.
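One of those propagation methods, guessing weak passwords on admin shares, leaves a distinctive trace in logon logs: a single host failing to log on to many different accounts in a short space of time. The following detector is an added example and not part of the original post; it runs over constructed sample lines in a simplified "timestamp src_ip account result" format (a real Windows security log would need its own parser), and the thresholds are assumptions to tune per site.

```python
# Added example (not from the original post): flag hosts that are failing to
# log on to many different accounts in a short time, the pattern a worm
# guessing weak admin-share passwords leaves in the logs.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified "timestamp src_ip account result" format;
# a real Windows security log needs its own parser.
SAMPLE_LOG = """\
2009-01-20T09:00:01 10.0.5.23 administrator FAIL
2009-01-20T09:00:01 10.0.5.23 admin FAIL
2009-01-20T09:00:02 10.0.5.23 backup FAIL
2009-01-20T09:00:02 10.0.5.23 guest FAIL
2009-01-20T09:00:03 10.0.5.23 teacher FAIL
2009-01-20T09:00:04 10.0.5.23 office FAIL
2009-01-20T09:00:05 10.0.5.23 office SUCCESS
2009-01-20T09:01:10 10.0.7.41 jsmith FAIL
2009-01-20T09:01:30 10.0.7.41 jsmith FAIL
2009-01-20T09:01:45 10.0.7.41 jsmith SUCCESS
"""

def parse(log):
    for line in log.splitlines():
        ts, src, account, result = line.split()
        yield datetime.fromisoformat(ts), src, account, result

def suspicious_sources(log, window=timedelta(minutes=5), min_fails=5, min_accounts=3):
    """Return {src_ip: accounts} for sources with at least min_fails failed
    logons against at least min_accounts distinct accounts inside one window."""
    failures = defaultdict(list)            # src -> [(timestamp, account)]
    for ts, src, account, result in parse(log):
        if result == "FAIL":
            failures[src].append((ts, account))
    flagged = {}
    for src, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:   # keep window bounded
                start += 1
            chunk = fails[start:end + 1]
            accounts = {account for _, account in chunk}
            if len(chunk) >= min_fails and len(accounts) >= min_accounts:
                flagged[src] = {account for _, account in fails}  # every account it tried
                break
    return flagged

if __name__ == "__main__":
    for src, accounts in suspicious_sources(SAMPLE_LOG).items():
        print(src, "tried", sorted(accounts))
```

The ordinary user who mistypes a password twice (10.0.7.41) stays below both thresholds, while the host walking through account names is reported.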
What is worrying people is that, other than propagating itself and blocking access to security update sites (the virus prevents access to Windows Update and anti-virus updates to stop you from removing it), the virus currently has no payload – it doesn’t actually do anything. Viruses usually effect some kind of activity upon their hosts. In years gone by you had the Blaster worm, which attempted to bring down the Microsoft Windows Update site and would restart computers, and the Netsky family of worms, which disrupted the user experience. The reason Conficker is worrying is that, with 10 million hosts infected, if its author decides to deliver a payload the effects could be devastating – these hosts are sitting awaiting further instructions from their creator. Imagine 10 million people trying to access the same website at the same time. This is known as a distributed denial of service attack, or DDoS. Whatever target is chosen for the attack will be brought to its knees.
I’m awaiting the continued story of this virus with interest.