Computing@ECU
Safe Computing


Conficker Worm Alert

UPDATE: Still wondering about the Conficker worm? Okay, there was no global meltdown on April 1st due to the Conficker worm, but computer infections are no laughing matter and should be prevented, if possible, and eradicated, if they happen, using the proper tools and solid computer safety.  The Conficker worm has been especially troublesome for security experts because it "mutates" into different versions which all require a particular removal tool. 

If you're still wondering if you've done enough to check your home Windows PC for Conficker, the Conficker Eye Chart Web site from joestewart.org offers an easy test using a simple graphic.  Visit http://www.joestewart.org/cfeyechart.html from your home computer; if any of the images are missing, you may be infected.  The site offers an explanation of which Conficker version it may be, and also gives examples of other problems as well.


It was reported that on April 1, 2009, the Conficker worm was programmed for a widespread infection of vulnerable computers.

Am I Vulnerable?

  1. Computers on the ECU network that have the latest Windows and Mac OS updates and current antivirus software installed should be protected from the worm.
  2. Staff and Faculty should ensure that their home computers are updated.
  3. Students should ensure that their laptops and desktop computers are updated.
  4. Computers with outdated OS security patches and virus definitions must be updated. The latest Antivirus software can be downloaded from home at the ECU SharePoint Download Center - http://download.ecu.edu under General Files >> Virus and Security Applications.

Check for Conficker

A Conficker infection may be present if a user is unable to reach the following websites:

http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm

http://www.mcafee.com
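
The check above can be scripted. The following is an added example, not part of the original ECU page: it probes the two vendor hosts listed above and compares them with control hosts, so that a plain network outage is not mistaken for the Conficker symptom. The choice of www.ecu.edu and download.ecu.edu as control hosts, the function names and the verdict labels are assumptions made for this example.

```python
import socket

# Hosts of the two vendor sites listed in "Check for Conficker" above.
SECURITY_HOSTS = ["www.symantec.com", "www.mcafee.com"]
# Assumption: control hosts that are not security-vendor sites, used to
# tell selective blocking apart from a plain network outage.
CONTROL_HOSTS = ["www.ecu.edu", "download.ecu.edu"]


def can_connect(host, port=80, timeout=5.0):
    """True if the name resolves and a TCP connection to the port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, refusal and timeout
        return False


def classify(reachable, security=SECURITY_HOSTS, control=CONTROL_HOSTS):
    """Turn {host: bool} probe results into (verdict, blocked_hosts)."""
    if not any(reachable.get(h, False) for h in control):
        # Nothing loads at all: the test says nothing about Conficker.
        return "inconclusive", []
    blocked = [h for h in security if not reachable.get(h, False)]
    if blocked:
        # Ordinary sites load but vendor sites do not: the symptom above.
        return "suspect", blocked
    # Every site loads; this alone does not prove the machine is clean.
    return "no-symptom", []


def run_check(probe=can_connect):
    """Probe every host with `probe` and classify the outcome."""
    hosts = SECURITY_HOSTS + CONTROL_HOSTS
    return classify({h: probe(h) for h in hosts})


if __name__ == "__main__":
    # Constructed sample: control sites load, vendor sites do not.
    sample = {"www.ecu.edu": True, "download.ecu.edu": True,
              "www.symantec.com": False, "www.mcafee.com": False}
    print("constructed sample:", classify(sample))
    print("this machine:", run_check())
```

A "suspect" result can also come from a site outage or a filtering proxy, so follow it with the patch check and full antivirus scan described below.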

Reduce the Risk

Users can reduce the risk of a Conficker infection and improve the detection of a potential Conficker infection by ensuring that the Windows Operating System on their computer is fully patched and the latest Antivirus definitions are present on their computer.

Check Windows OS

Check for a fully patched Windows Operating System and, if necessary, apply any missing Windows Security Updates.

Set Windows Update to automatic and ensure that you have the current Microsoft Update

  1. Right-click on My Computer on the Windows desktop
  2. Select "Properties" from the menu
  3. Select the "Automatic Updates" tab in the System Properties window
  4. Select "Automatic" and specify a time of day when you know your computer will be turned on
  5. Select "OK" to save your choices.

Steps to manually update your computer's Windows Security settings

  1. Exit all applications (don't just minimize them to the Task Bar).
  2. Select the Start Menu on the Task Bar in the Windows desktop.
  3. Select "Microsoft Update" from the Start Menu. This will connect you to the Microsoft Update website if your computer has Internet access. (If your Start Menu contains a link to a Windows Update instead of "Microsoft Update," follow the instructions in the previous section to install the proper software to access the Windows Update website).
  4. When the Microsoft Update website opens, you may be required to install software required to access the site. Select "Yes" to install it.
  5. When you enter the site, you will be offered two choices: "Express" and "Custom".
  6. Select "Express" and accept all available updates. You may be required to reboot your computer after updating.
  7. If you have never updated your computer before, you may need to visit the Microsoft Update website, install patches, and reboot several times to download all available patches.
  8. After all Express updates are installed, select the "Custom" button and install the latest versions of Internet Explorer and Media Player. You may find other updates listed under Custom, which may be required to improve your computer's functionality. You may need to visit the Microsoft Update site several times to update the updates you have just installed.

Check for Latest Antivirus

Below are the steps to check for the latest Symantec Antivirus definitions on the computer, update the signatures as necessary and perform a full Antivirus scan. If you are running another Antivirus program, follow their instructions for updating.

  1. Right-click the Symantec icon and ensure that "Enable Auto-Protect" is selected.
  2. Check for the latest virus definitions by clicking on the Symantec icon.
  3. In the Symantec window, check the date of the Virus Definitions File.
  4. Click on Live Update to determine if any later updates are available.
  5. To check for a Conficker infection, run a full Symantec scan by selecting "Full Scan" and selecting the "Scan" radio button. According to Symantec, a full scan is supposed to detect a Conficker infection.

Malware Removal

According to Symantec, a Conficker C infection can be removed manually by following the steps below on machines running current and recent Symantec Antivirus products (including the Symantec Antivirus and Norton Antivirus product lines). For details on the following five steps, see

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-030614-5852-99&tabid=3

  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Find and stop the service.
  4. Run a full system scan.
  5. Delete any values added to the registry.

As always, system administrators should perform appropriate testing and follow existing change management procedures to ensure patch installation for affected systems.

Mac OS: Visit the following website for Mac OS instructions:
http://www.ecu.edu/cs-itcs/mac/index.cfm

 

REFERENCES

Microsoft: Steps to Secure Your Computer http://www.microsoft.com/protect/computer/default.mspx

Symantec

Conficker C: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-030614-5852-99&tabid=3

Conficker C removal tool: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

Additional sources

Microsoft October Update: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Cnet.com: http://news.cnet.com/security/?keyword=Conficker



 
East Carolina University
209 Cotanche Street | Greenville, NC 27858
252.328.9000
© 2009 | Last Updated: 04.16.2009