Posted: March-31-2009 at 10:41pm | IP Logged	Tweet

Conficker computer virus a threat today

By Rex Barber
Johnson City Press Staff Writer

The mysterious Conficker virus has been spreading around the world since this past fall, infecting millions of personal computers but not doing much other than blocking attempts to delete it. Today many expect the creator of the virus to provide new instructions for how the worm manipulates infected computers.

But nothing new may happen.

Still, computer users should update their Windows software and check to see if Conficker has afflicted them.

“The current theory about what this actually is is kind of a test run for a later attack or deployment of a more malicious payload,” Vincent Thompson, ETSU customer support manager in the office of information technology, said of Conficker. “It’s kind of a shell, an engine waiting for gas and instructions to be put into it.”

Personal computers are the only machines vulnerable to Conficker. And if users have been updating their Microsoft Windows operating system, they should not be infected. According to the Associated Press, there are easy ways to determine if a computer has the virus.

Lots of computer worms disable antivirus software outright, which can be a tip-off that something is wrong. But Conficker doesn’t do that. Instead, Conficker blocks infected PCs from accessing the antivirus vendors’ and Microsoft’s Web sites, so victims won’t get automatic updates and can’t download the Conficker removal tools that those companies have developed.

See what Web sites you can visit. If you can navigate the Internet freely except for sites owned by Microsoft or antivirus vendors such as Symantec Corp., McAfee Inc. or F-Secure Corp., your PC might have Conficker or a similar bug.

Fixing the problem gets a little trickier.

The best remedy is to have a friend — whose computer is not infected — download a removal tool from Microsoft or one of the antivirus vendors. Then that person should e-mail the tool to you.

A list of the free Conficker removal programs is available on the Web site of the Conficker Working Group, an alliance of companies fighting the worm. The removal programs will take care of themselves, for the most part, scanning your system and purging the worm.

The Department of Homeland Security is distributing a removal tool for Conficker that the U.S. Computer Emergency Readiness Team developed as a response to this worm. Check the Homeland Security Web site for the tool.

ETSU, though, feels relatively safe from any harm the virus could cause.

“We’ve had one or two machines on campus that didn’t get updated for some reason that came down with it and we’ve cleaned them off and haven’t seen anymore infections,” Thompson said.

Mountain States Health Alliance also thinks its network is safe from the worm. The hospital system purchases anti-virus protection from a vendor that pushes out daily updates.

But what about smaller businesses?

Richie Torbett’s local company, Networking and Computer Connection, helps local businesses manage their networks.

Torbett said NACC’s main antivirus providers — including Symantec and Sophos, which caters to business networks — didn’t raise any alarm bells about Conficker.

“They didn’t really put out major alerts,” Torbett said. “It’s been more news media driven.”

Though no one has been able to discover the virus’s ultimate intent, Torbett said estimates of how many computers it’s infected range from one to three million.

“It’s not currently stealing data or erasing peoples’ hard drives. It is spreading, though. There’s a lot of speculation about what it’s going to do.”

Torbett said Sophos has looked at the worm’s code and found that it guesses at passwords in a not-very-sophisticated way.