My 4/05/09 Missoulian column
I thought about writing on the Conficker worm last week, the latest malware that turns Windows computers into members of “botnets” controlled by “bad guys.” But I didn’t want to buy into all the hype about the Internet being clogged by millions of those “zombie” computers.
As I guessed – and as some security researchers who know much more than I do also guessed – Conficker turned out to be almost a nonstory on April 1, the day when the botnet was first thought to come “alive.”
The botnet didn’t take down the Internet, and I admit that hindsight is always 20/20. But those millions of infected PCs are still out there, and Conficker may return. Some security researchers say the botnet is already being broken up and sold off. Others aren’t so sure and are hanging fire, so to speak.
Botnets use their millions of captive PCs to send spam e-mails, steal personal information and extort money in exchange for not blocking Internet traffic from other Web sites. There’s much money to be made with botnets, and there’s evidence that many are controlled from Russia and Eastern Europe, out of reach of much law enforcement.
The developers of Conficker improved on the botnet concept by using encryption and new-version tactics to protect their worm from removal and to help it travel. When a PC is infected, Conficker blocks anti-virus Web sites and Windows Update in order to protect itself.
The botnet controllers are still unknown, but those to blame now are all those PC users who don’t protect themselves. With Windows, you must have anti-virus and anti-spyware and keep Windows Update set on automatic. If it’s not Conficker, then it will be other worms and trojans that will arrive in the future. It’s just a fact of life in the world of the Internet: You have to look out for yourself and your PC.
According to network statistics, only around 5 percent of Conficker infections are in the U.S., so if you’re running Windows Update and anti-virus and anti-spyware scanners, you should be OK.
Conficker can’t infect Apple computers – unless you happen to be running Windows as a virtual machine – but you still must be careful about installing sketchy software on OS X.
Everything you want to know is at the Web site of The Conficker Working Group, a consortium of businesses and private groups.
The working group has a Web page test to see if your PC is infected. The best instructions I’ve found to remove Conficker and restore altered settings are at PCMag