Tuesday, March 31, 2009

Worried about Conficker?

Are you worried about Conficker? It's set to go off on April 1st.

It only affects Windows computers, so if you're running Macs or Linux machines, don't worry about it. (Mac users, don't feel too smug: the recent PWN to OWN demonstrated an exploit of a fully updated Mac in mere seconds.)

There's a fairly detailed analysis at Windows Secrets. If you think you might have Conficker, try visiting http://www.symantec.com/ or http://www.mcafee.com/; if you cannot, you may have it.
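
The reachability check described above, as an added example that is not part of the original post. It uses name resolution as the test and compares the two vendor sites against a control host (www.example.com, an assumption of this example), so a general network outage is not mistaken for a sign of infection.

```python
import socket

# Vendor hosts named in the post.
VENDOR_HOSTS = ["www.symantec.com", "www.mcafee.com"]
# Control host: an assumption added for this example, not from the post.
CONTROL_HOSTS = ["www.example.com"]


def system_resolver(host):
    """Return True if the operating system's resolver can resolve `host`."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def classify(resolves, vendors=VENDOR_HOSTS, controls=CONTROL_HOSTS):
    """Classify this machine from per-host results.

    `resolves` is a callable(host) -> bool, so the logic can be exercised
    with constructed results instead of live lookups.
    """
    vendor_ok = {h: resolves(h) for h in vendors}
    control_ok = {h: resolves(h) for h in controls}
    if not any(control_ok.values()):
        # Nothing resolves at all: a network or DNS outage, not evidence.
        verdict = "inconclusive"
    elif all(vendor_ok.values()):
        # Vendor sites are reachable. This does not prove the PC is clean.
        verdict = "no-sign"
    else:
        # The control resolves but at least one vendor site does not.
        verdict = "suspect"
    return verdict, vendor_ok, control_ok


if __name__ == "__main__":
    verdict, vendor_ok, control_ok = classify(system_resolver)
    for host, ok in {**control_ok, **vendor_ok}.items():
        print(f"{host:20} {'resolves' if ok else 'FAILS'}")
    print("verdict:", verdict)
```

A "suspect" verdict is only a reason to run a removal tool or a scan, since a local filter or proxy can produce the same pattern.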

To remove Conficker, visit http://www.bdtools.net/ and download BitDefender's single-PC Conficker removal tool. If that doesn't work on the infected PC, download it from another PC and run it on the infected one.

If you are a network admin, go get Nmap (see also this) and run the following command:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [subnet]
where subnet is something like 192.168.1.0/24 -- you can thank Doxpara for that.

I would also suggest that you use OpenDNS. They have been blocking Conficker since February, and there's more detail here. Seriously, sign up for OpenDNS if you are not using it yet; it's free and does more than just provide DNS. I've talked about them before, but not enough.
