The April Fools’ Worm, or Conficker has been in the news for a few weeks now. This is one of the few times since Y2K that a date was important. People around the world braced for April 1, 2009 – the worm was supposed to wake up and cause havoc of epic proportions. That never happened. Maybe the author(s) were waiting till people’s defenses were lowered. Maybe it woke up early and no one knows what it’s doing (the sheer possibilities send a shiver down my spine).
It’s not like this came out of the blue. The author(s) took advantage of a vulnerability in Windows, specifically crafting a RPC call sent to the Server service. This practically has a potential to affect all Windows machines. Microsoft issued a patch way back in October 2008 (6 months ago!) with the recommendation that customers apply the update Immediately.
It is understandable that there are a number of individual users who are not computer-savvy and don’t have automatic updates turned on. I think Microsoft should build in intelligence within their operating systems to determine what kind of users the OS is dealing with. If a user appears to be ignorant of computer security and safety, then the level of nagging should increase – maybe disable certain OS features until they install updates.
The area where I am really surprised is with corporations and institutions. The fact that there are a number of infected computers, professionally managed by IT staff, is appalling. It was reported that 800 computers were affected at the University of Utah (link below). Why weren’t these computers patched with MS08-067 back in October? This is the same question I ask of companies who have affected machines (or will be affected in future). I understand that these patches have to be tested and verified before deploying to all servers and other computers. But, if it takes over 6 months to deploy a “immediate” patch, it is ridiculous.
Cyberthreats are to be taken very seriously. A new form of terrorism, cyber-terrorism is brewing. By not closing security holes immediately, you’re only increasing opportunity and aiding terrorists/virus-writers/spammers/cybercriminals. ALL companies must review their IT policies with respect to safety & security – and patch deployment and maintenance.
Individuals can do their part by ensuring the following:
- Update your computer regularly. Turn on automatic updates if you think you can’t deal with manual updates.
- Have anti-virus software installed and updated regularly. If you don’t want to spend money, there are some good free anti-virus software like AVG and avast!
- Do not open files received by someone you don’t know.
- Do not open files that are reported as viruses/worms, even if you receive it from someone you know. Spammers are known to spoof their aliases.
- Don’t install software if prompted by a web site (unless you’re specifically trying to download and install a particular software)
Microsoft Virus Alert about Win32/Conficker.B worm :: http://support.microsoft.com/kb/962007
Microsoft Security Bulletin MS08-067 (published October 23, 2008) :: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Conficker Worm Hits University Of Utah :: http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=216500433&subSection=News
Best Free Antivirus Software :: http://www.techsupportalert.com/best-free-anti-virus-software.htm