Crippled Conficker Worm, Still a Significant Threat and Should be Eradicated

The nasty Conficker worm that appeared a few years ago has now been crippled and is far less effective at controlling bots than it was before security researchers drove a stake through its evil heart. They did this by ‘sinkholing’ the domains it generates, an effort that has now been running for two years. However, it still infected or tried to infect 1.7 million Windows PCs in Q4 2011, which is still an awful lot.

Due to these efforts, it’s apparently no longer being used by the original perpetrators for botnet attacks, which is good. However, the main reason it should be eradicated is a side effect: it leaves infected Windows computers highly vulnerable to other malware. This side effect comes from two defensive tactics it employs. First, it disables most antivirus software, including Windows Defender and Security Essentials. Second, it switches off Windows Update, which is Microsoft’s primary method of patching vulnerabilities in Windows. On top of this, it blocks access to security products’ websites, which stops antivirus signature updates from reaching the infected machine, and it blocks access to the Windows Update website. The combination of these tricks leaves an infected PC wide open to attack from any malware going and is the equivalent of painting a great big red bullseye on it. Hence, Conficker must be eradicated as fast as possible.
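As an added example that is not part of the original post, the PowerShell triage script below checks a Windows host for the symptoms just described: protection services stopped or disabled, Windows Update off, and security sites failing to resolve while ordinary names still do. The service names are the standard ones for the products named above; the site list and the control domain are assumptions chosen for illustration.

```powershell
# Added example, not code from the original post: a read-only triage script
# that looks for the symptoms described above on a Windows host. Service names
# are the standard ones for the products named in the post; the site list and
# the control domain are assumptions, adjust them to the products in use.

$services = @(
    @{ Name = 'wuauserv';  Role = 'Windows Update' },
    @{ Name = 'WinDefend'; Role = 'Windows Defender' },
    @{ Name = 'MsMpSvc';   Role = 'Microsoft Security Essentials' }
)

# Security-product sites a clean host should be able to resolve, plus a
# neutral control domain to tell "security sites blocked" from "no DNS at all".
$securitySites = @('windowsupdate.microsoft.com', 'www.microsoft.com')
$controlSite   = 'example.com'

$findings = @()

foreach ($svc in $services) {
    $s = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"
    if (-not $s) {
        $findings += "$($svc.Role): service $($svc.Name) not installed (may be normal)"
    } elseif ($s.State -ne 'Running' -or $s.StartMode -eq 'Disabled') {
        # Protection services stopped or set to Disabled is the symptom described.
        $findings += "$($svc.Role): $($svc.Name) is $($s.State), start mode $($s.StartMode)"
    }
}

function Test-Resolves([string]$HostName) {
    try { [void][System.Net.Dns]::GetHostAddresses($HostName); return $true }
    catch { return $false }
}

$controlOk = Test-Resolves $controlSite
foreach ($site in $securitySites) {
    if (-not (Test-Resolves $site)) {
        if ($controlOk) {
            # Selective failure: ordinary names resolve but security sites do not.
            $findings += "DNS: $site does not resolve while $controlSite does"
        } else {
            $findings += "DNS: $site does not resolve (control also failed, DNS may be down)"
        }
    }
}

if ($findings.Count -eq 0) { 'No Conficker-style symptoms found.' }
else { 'Suspicious:'; $findings | ForEach-Object { " - $_" } }
```

Run it from an elevated prompt; a clean report only means these particular symptoms are absent, so the rebuild advice in the post still stands for any host known to have been infected.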

Conficker cleaning tools are available from the Conficker Working Group website – but a much better solution is to format the hard drive and reinstall Windows from scratch, or to reinstall from a known clean image.

Virginia-based Neustar is an information and analytics provider, and one of the corporate members of the Conficker Working Group (CWG), which has been “sinkholing” the Conficker botnet for more than two years.

“We’re pretty sure that [other malware] is using Conficker for cover,” Joffe said in an interview Friday. “When we find a machine [harboring Conficker], we usually find that it’s been infected by other methods as well.”
