You May Already be Infected, and This Virus Will Hurt You
By Robert McMillen, Koin’s Tech Guru
So let’s take a break for a while from all the DTV switchover hype. We know it’s coming and if you’re not prepared by now you might as well call the cable or satellite company. Let’s discuss something really sinister. There is a virus that is running rampant right now. So much so that Panda Security estimates that 1 in 16 computers worldwide are infected by it and the PC owners probably don’t even know it.
Question: “I’ve heard a lot about the Conficker virus. How do I know if I have it or if I’m protected?”
Samuel C. Lake O.
Answer: Samuel, this virus is probably going to knock the props out from under the internet when it’s activated. The Conficker virus is also known as Downadup or Kido. It’s being spread mostly by USB thumb drives. You know the ones you attach to your keychain and plug into a computer when you need to copy data and take it with you? Conficker abuses a convenience feature that Microsoft built into its operating system. When you plug in a drive or a CD, a program starts to run so you don’t have to click on the drive to get it going. It’s called “Autorun”. On an infected thumb drive, that Autorun setup is overwritten so it points at the virus instead, which then runs in the background and installs itself.
Once inside your computer, it does some really nasty things that you may not even notice. It also has a feature that’s waiting to respond to its mother ship. First, it disables backup so you can’t make copies of your hard drive. Then, it disables the ability to go to antivirus sites so you can’t remove the virus. It also disables Restore Points. Restore Points make it so you can go back in time to a point where your computer didn’t act all weird, like before you installed that Casino software. You can then undo it more easily and move on like you never lost that money (but we know you did). With Restore Points turned off, you can’t undo (just like real life). The virus also steals from your wallet, drives your car, and then comes back with a dent in it, if it comes back at all. Oh wait, that’s your teenager.
The virus will then spread to other computers in your network by searching out weak passwords using a dictionary attack, and sooner rather than later your whole network is infected. How many of you use a simple word or nothing at all to log into your computer? (My password used to be MacGyver but it turns out he’s on the list.)
It’s become so serious that Microsoft has offered a $250K bounty for capturing these guys. These are likely no pimple-faced teenagers. This was well written. So much so that I have searched high and low to find out how you know if you’re even infected. No one can say for sure, other than if you see the symptoms mentioned above. Even Symantec has an article entitled “How do you know if you’re infected?”, and then never tells you. They can’t tell us because it’s a little different on almost every machine. Most viruses have a process running in the background, but this one morphs into a bunch of different names, making it almost impossible to say what that process is.
Now I’ll tell you how to prevent it, or get rid of it, and then I’ll tell you the really scary part. We just passed Friday the 13th and maybe Jason gave you some nightmares. This virus will give you something to really be scared about.
You can protect your computer by downloading the patch from here at Microsoft: http://support.microsoft.com/kb/962007
You can get rid of it if you have an up-to-date antivirus and run a scan. If you can’t go to that website or update your antivirus signatures to run a scan, then you’ve probably got it. In that case, get on another computer and go to this link, which shows you how to manually remove it or download the tool that will: http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=3
If you don’t have another computer then you can go to the library or just get better friends.
Ok, now for the goose-bumping, blood-chilling, economy-dipping part. No one but the virus writers knows the real purpose of the virus. It’s not to mess up your computer, although it does a pretty good job of that. The virus is constantly calling out to a randomly changing set of domain names. This has led to the unprecedented act of the US and Chinese domain registrar organizations getting together and denying any of the random names it creates on a daily basis. Before that happened, individuals were registering the domain names themselves so the real attackers couldn’t register and use them, which kept the virus from taking hold. Those were very nice people, but that got too expensive. If the attackers were to register one of the names and the computers all called out to that domain, then anything could happen.
The attackers could choose to send billions of spam messages into the world, or worse. They could tell all their zombie computers (and yours could be one of them) to attack a government network, or many of our favorite commercial sites. Egads! What if we were to lose Facebook or MySpace? Ok, maybe that wouldn’t be so bad for the employers of America, but the point is that this could bring down anything the virus writers want to bring down.
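The two ways the column says the worm shows itself on a network, one machine trying passwords against many accounts and one machine calling out to a daily set of random, unregistered domain names, leave the same kind of trace: a burst of distinct failures from a single source. The added example below (mine, not the column’s or any vendor’s code) runs one sliding-window counter over constructed logon-failure and DNS NXDOMAIN log lines; the log layouts, addresses and names are all made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def burst_sources(events, window=timedelta(minutes=5), threshold=5):
    """events: (timestamp, source, item) triples. Return {source: sorted items}
    for every source with >= threshold distinct items inside one window."""
    by_source = defaultdict(list)
    for ts, source, item in events:
        by_source[source].append((ts, item))
    hits = {}
    for source, evs in by_source.items():
        evs.sort()  # so each start time only looks at later events
        for i, (start, _) in enumerate(evs):
            items = {it for t, it in evs[i:] if t - start <= window}
            if len(items) >= threshold:
                hits[source] = sorted(items)
                break
    return hits

def failed_events(log_text, failure_code):
    """Parse "<timestamp> <source> <item> <result>" lines; yield the failures."""
    for line in log_text.splitlines():
        if line.strip():
            ts, source, item, result = line.split()
            if result == failure_code:
                yield datetime.fromisoformat(ts), source, item.lower()

# Constructed resolver log: the worm's daily random names mostly do not exist yet
DNS_LOG = """\
2009-02-16T08:00:01 10.0.0.12 www.symantec.com NOERROR
2009-02-16T08:00:05 10.0.0.40 qlxzbfw.net NXDOMAIN
2009-02-16T08:00:06 10.0.0.40 ptvmkqa.org NXDOMAIN
2009-02-16T08:00:07 10.0.0.40 wzrhlvq.com NXDOMAIN
2009-02-16T08:00:09 10.0.0.40 dskjrtp.biz NXDOMAIN
2009-02-16T08:00:10 10.0.0.40 mxcvjqe.info NXDOMAIN
2009-02-16T08:00:15 10.0.0.12 typo.exmaple.com NXDOMAIN
"""
# Constructed logon audit log: one host guessing passwords for many accounts
LOGON_LOG = """\
2009-02-16T08:01:00 10.0.0.40 administrator FAIL
2009-02-16T08:01:01 10.0.0.40 guest FAIL
2009-02-16T08:01:02 10.0.0.40 samuel FAIL
2009-02-16T08:01:03 10.0.0.40 backup FAIL
2009-02-16T08:01:04 10.0.0.40 finance FAIL
2009-02-16T08:01:30 10.0.0.12 samuel FAIL
2009-02-16T08:01:35 10.0.0.12 samuel OK
"""
if __name__ == "__main__":
    print(burst_sources(failed_events(DNS_LOG, "NXDOMAIN")))
    print(burst_sources(failed_events(LOGON_LOG, "FAIL")))
```

A single typo or one mistyped password from 10.0.0.12 stays below the threshold, while 10.0.0.40 is flagged in both logs.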
I had a thought that maybe they were going to bring down the internet on inauguration day. That could have flooded the internet and made it impossible for many of us to see that historic moment. Fortunately, they didn’t do that, but this is an internet nuclear bomb waiting to happen. There’s nothing this virus can’t crush once they decide to set it off, and that’s the real scary thing about the Conficker virus. How long could Conficker bring down portions of or the entire internet? No one knows for sure. If they all did attack at once, I think it would be at least a week before we got to a point where the internet was acting normally again, and billions of dollars would be lost.
For more great tips, check back here each week and listen to me on the All Tech Radio show at 9:00 Sunday mornings on AM 1360 KUIK, or listen online at http://alltechradio.com.
If you would like your technical question answered here, just email firstname.lastname@example.org. Even if it doesn’t get answered in the column I will always answer by email.