Conficker Confiscates Microsoft’s Night Sleep! MS Offers $250000 for Cure
Microsoft recently announced a reward of $250000 to anyone who helps locate the brain behind the worm Conficker, aka Downadup. Millions of PCs have been infected with this worm since October 2008, and the infections have not stopped even after Microsoft released the patch that removes the vulnerability exploited by this worm.
Microsoft Security Bulletin MS08-067, published on 23rd October 2008, reported a vulnerability where a specially crafted RPC request to the system could allow remote code execution.
Conficker exploits this vulnerability to execute itself. Once executed on a machine, it copies itself with a random filename under the system directory. It then creates a new service, “netsvcs”. It checks the machine’s IP address using various public websites and downloads malware from a remote site. It then searches for other vulnerable machines on the subnet to spread itself, and also starts an HTTP server on the infected machine to facilitate malware download. Variant B adds other methods of propagation, such as adding an AutoRun.inf file to network shares so that systems accessing those shares also get infected.
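A defensive check for the AutoRun.inf propagation path described above, as an added example (not from the original post or from Microsoft): it walks a mounted share and reports every autorun.inf whose [autorun] section launches a program. The function names and the sample content are constructed for illustration.

```python
import os

# Keys in the [autorun] section that cause a program to be launched.
EXEC_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, case-insensitively.
    Lines that are not 'key=value' (comments, junk padding) are skipped."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(entries):
    """Pick out the entries that start a program when the volume is opened."""
    return {k: v for k, v in entries.items()
            if k in EXEC_KEYS
            or (k.startswith("shell\\") and k.endswith("\\command"))}

def audit_share(root):
    """Walk a mounted share; report each autorun.inf that launches something."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "autorun.inf":
                continue
            path = os.path.join(dirpath, name)
            # latin-1 decodes any byte sequence, so odd content cannot crash us
            with open(path, "r", encoding="latin-1") as fh:
                cmds = launch_commands(parse_autorun(fh.read()))
            if cmds:
                findings.append((path, cmds))
    return findings

# Constructed sample (not a real specimen): junk lines around one launch entry.
SAMPLE = "xk39f\n[AutoRun]\n;pad\nicon=folder.ico\nshellexecute=tool.exe arg\nzz\n"

if __name__ == "__main__":
    import sys
    for path, cmds in audit_share(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, cmds)
```

Run it against the mount point of a share; any hit on a share that is not meant to carry an installer is worth investigating.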
How to remove it? That’s simple… uninstall Windows and use Linux instead… just joking. Keep your antivirus always updated. Most new viruses will be detected and removed as soon as they are added to the virus database. If you don’t have an antivirus installed, or have a trial version that expired long ago, at least go for Avast Antivirus; its home version is free and just requires you to register online once a year to keep it running. You can also use the Malicious Software Removal Tool (MSRT) by Microsoft. Read more about Conficker here.
Just a few thoughts: why are there no, or very few, viruses on Linux? Is it because Linux is very strong in the security aspect, or because we believe that Linux is very strong in the security aspect?



Only joking! You don’t even have to uninstall Windows. Just do a clean install of Linux (and Ubuntu is particularly easy). If you really need Windows, do a dual boot, or run Wine under Ubuntu. And you can try Ubuntu out from a CD or a USB stick.
To the answer ‘Why are there so very few viruses on Linux’; it is in part due to the excellence of the design of the original Unix system; that introduced faults in new and upgraded software are fixed quickly and the patches distributed almost in background efficiently; to the fact that a community is helping carry out the repairs, not some overpressurised geek.
Certainly that Linux is not as popular might be a reason, but remember that the great majority of servers are Linux based, and remain uninfected.
Charles Norrie
19 Feb 09 at 11:52 am