Computer worm 'Conficker' is doing its dirty work

Pentagon and other agencies are preparing to defend against cyber attacks. Meanwhile, here are ways to protect your computer.

Rick Nease/Detroit Free Press/NEWSCOM

April 25, 2009

Internet security experts say that the computer worm known as Conficker, which has the ability to silently penetrate vulnerabilities within the Microsoft operating system, is beginning to rear its ugly head.

They say that the software is installing new and malicious programs on some of the computers it has already invaded with the aim of using those PCs to send out criminal spam and scrounge around on unsecured computers for valuable personal data, Reuters reported Friday.

Conficker, also called Downadup and Kido, works like this: Once the worm wiggles into a PC, it then has the ability to install software and enable the computer to receive additional viruses from the program’s creators. It can also link an individual PC to other infected machines and create an army of computers under its control, called a botnet, which can be strung together for launching cyberattacks.

Millions of PCs already invaded

Experts say that the Conficker worm has already dug into millions of PCs but only been activated in a small percent of them. It was feared that the makers of the software program would trigger a massive attack on April 1. While that didn’t happen, the US Computer Emergency Readiness Team (US-CERT) said earlier this month that it has detected a new variant of the worm that “updates earlier infections via its peer-to-peer network against unpatched systems.”

Microsoft released a security patch last year to improve its systems' security in an effort to combat Conficker. The patch is still available at Microsoft.com, but an estimated 30 percent of Microsoft users have not updated their systems.

While many say that the Conficker Worm is one of the most sophisticated they have come across -- and the most widespread since a worm called Slammer that spread in 2003 -- there are some simple protections that PC users can take. In addition to the free updates available from Microsoft, computer users can purchase an array of antivirus programs from software makers such as Symantec or McAfee.

How to test your computer

An easy test for computer users to perform to see if Conficker might be on their PCs is to simply attempt to log into some of these software security company’s website. The worm has the ability to block access to many security company sites.

Cyber security is becoming an increasing concern in the US and around the world amid the growth in Internet activity as well as in the level of sophistication being seen in malicious programs such as Conficker.

According to The Wall Street Journal, a new Pentagon Cyber Command will oversee the defense of US computer networks and cyber-attack operations. The paper reported Friday that Defense Secretary Robert Gates will name Keith Alexander, director of the National Security Agency, to head the Cyber Command operation.

Secretary Gates said in a memo reviewed by the Journal that, “our increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security."

White House recommendations

The Obama administration is expected to release its own set of recommendations for cybersecurity policy as early as next week.

While many cyber-watchers hoped that Melissa Hathaway, President Obama’s top cyber czar, would shed some light into what those specific policy recommendations might be, she offered little in terms of specifics in a speech earlier this week at a San Francisco computer security conference.

Instead she focused on what went into the administration’s recently-completed 60-day review of US cyberspace policy, which many critics say has been ineffectual because it has not been streamlined under one agency.

“It can be said that the federal government is not organized appropriately to address this growing problem because responsibilities for cyberspace are distributed across a wide array of federal departments and agencies,” she said. “We need an agreed way forward based on common understanding and acceptance of the problem.”