How to stop the spread of the W32 Conficker worm

• 
  Ron Condon
• Published: 23 Jan 2009 5:00

• The Ministry of Defence is still working to remove a virus that affected up to 70 sites, including Royal Navy ships and RAF bases, and which according to some sources, resulted in RAF emails being redirected to Russian Internet servers.
• Possibly the biggest security breach in history was revealed this week (on the same day as President Obama's inauguration, as it happens). U.S. service company, Heartland Payment Systems, announced that malware had been discovered on its systems, which gave cybercriminals access to credit card information going into the Heartland systems for processing. The company handles 100 million card transactions a month on behalf of around 250,000 small businesses. It is still unclear how long the rogue code had been in place.

Future security threats: Enterprise attacks of 2009 John Strand previews the information security threats that'll be big in 2009.

How to protect yourself from the W32/Conficker worm

• Patch as soon as you can. Graham Cluley, senior consultant at antivirus company Sophos Inc., said: "Conficker seems to have had less of an impact on home users, mainly because Microsoft has done a good job in doing automatic updates. Companies like to manage their patching, and I think that with people being away over the Christmas holidays, some companies were stretched and took longer to get around to patching."

• Keep antivirus up to date so that any new variants of the W32/Conficker and other viruses can be picked up.

• Enforce strong passwords. W32/Conficker operates by breaking weak passwords on systems in order to gain access to system resources. It will also look for file shares and other computers on your network that do not have a good password. Cluley said: "Make sure none of your users are ever using dictionary words. Look for daft combinations and sequences like ABCDEF or 123456, or repeated characters. Otherwise it's just too easy for malware or hackers to try to crack it."

• Use products that control the enterprise use of USB devices.

• Disable the AutoRun function in Windows. The Windows patch (KB958644) stops the worm from getting into your computer via the Internet. If the worm, however, is introduced on a USB stick and is able to execute AutoRun, it will be able to infect the machine and from there, the network.

There, however, is reason to be cheerful. Cluley draws comfort from the fact that although Conficker has spread so fast, it has not yet been activated. "I wonder if the people behind it have been scared off," he said. "If they were to use this botnet now for criminal purposes, you can be sure that every computer crime authority in the world would be trying to track them down. If they sent spam that sent people to a website, the authorities would follow the money trail, and would be able to piece together who was responsible for this thing."