The Conficker worm, also known as Kido and Downadup, is set to attack on a hard-coded date – April 1. The worm started to creep onto Windows-based computers in November 2008. And now, on its third variant, it has grown more sophisticated and powerful. Yet, nobody is quite sure what will really happen on April 1. Nobody knows if it’s a real threat or it’s just one of those April Fools tricks that could disrupt work or even the Internet. What’s known so far is that infected computers will try to connect to 50,000 domains and receive updates of the worm or other malwares and be under the control of a master computer. And from that point, anything is possible. Security experts think that the worm will be used to create a botnet that will be controlled by the worm’s creators so that they can steal information from infected computers, launch attacks on particular websites, or even direct infected machines to send out spam emails.
Symptoms of being infected:
1. Conficker blocks access to a number of security web sites – Try browsing Symantec’s website (http://www.symantec.com). An infected machine would bring up a “Cannot display webpage” error.
2. Conficker turns off the ability to change settings to view hidden files and folders – Open “My Computer”. From the menu, select Tools>Folder Options. Select the View tab. Select the “Show hidden files and folders” option. Click Apply then Ok. Repeat the process to check if the change took place. If it didn’t, your computer is infected.
How you get infected:
1. Conficker attacks a Windows vulnerability called MS08-067. If you haven’t updated or patched your PC, Conficker may have installed itself quietly on your system.
2. The worm copies itself on shared network folders and thumb drives.
If you think your Windows machine is infected, you can download the removal tool created by Enigma. After downloading, run the application and select Proceed to begin the worm removal. Your computer will be rebooted during the process and Conficker will be automatically removed. You may also download the removal tool from my online drive.