Conficker – I mean, seriously

2009 April 2
by Andy

If you don’t already know, Conficker is a worm that exploits a buffer overflow in the Windows Server service.  The worm is wily – there are several hundred variants and it is difficult to know how widespread it is.  You can find more info on the Wiki or on the McAfee discussions.

The panic over this and other worms like it makes me mental.  Don’t get me wrong, these things can cause all kinds of havoc, not only in terms of potential identity theft, but also tons of lost hours to clean infected machines.  But if you pay just a little attention to security, you’ve been inoculated against this and other threats like it for months.  Way back in October 2008 Microsoft released patch MS08-067 to close the security hole that Conficker exploits.  This was an out-of-band update, meaning Microsoft released the patch outside of the normal monthly patch release because it thought the release was critical.  I know that at my firm, we took this very seriously and had every node patched within two weeks, then made the patch “autofix”, meaning that any node that connected to the network would get the patch automatically.

Getting rid of this worm is a pain in the ass if you have it, but protecting yourself from the exploit, which effectively makes the thing benign, is really easy.  Run Windows Update!  If you are infected, there are lots of resources to get rid of it.  Most decent anti-virus programs will get rid of it – McAfee, Norton, AVG, etc.  Google Conficker and you will get tons of help.

I hate the way the media jumps on these things and makes people panic for no good reason.  When did the news become just fear-mongering?  And what good does that do for anyone?  I suppose raising awareness of malware is ultimately a good thing, but do they have to make it seem like the world is coming to an end?

Patch your system and you are fine.
