What is Conficker?
Conficker, also known as Downadup or Kido, is the latest super virus to spread around the Internet and have security experts in a panic. When last we checked, about a week ago, Conficker had already spread to 9 million PCs, with little sign of slowing. Now it has infected at least 10 million PCs, and experts believe there may be up to 350 million vulnerable computers out there. Conficker isn't just exploiting a networking hole, however; it features a sophisticated method of cracking administrator passwords, making it difficult to remove, and also copies itself to USB drives so that it can spread even when the online flaw is plugged.

What havoc has it wreaked so far?
So far this schizophrenic virus hasn't caused any serious damage. Its primary effect has been to prevent people from installing Windows updates and anti-virus software that could potentially thwart the malware. What worries security experts, though, is Conficker's ability to launch a second stage, downloading additional code that could hijack computers completely, steal personal information, or commit basic extortion -- demanding money for fake anti-virus software claiming to remove the

How do you know you have it? What are the symptoms?
Since it is currently sitting dormant, possibly awaiting further instructions, Conficker is very difficult to detect without running an up-to-date virus and malware scanner. However, if your Internet connection is running abnormally slowly, if services such as Windows Defender are disabled, or if you are unable to access some security-related Web sites (like those for anti-virus programs), then you may be infected and should certainly follow the removal directions included below.

Is it the biggest virus ever?
Conficker has certainly spread far and wide, and gathered its fair share of media attention, but is it the biggest virus ever? That remains to be seen. It is certainly the biggest threat to personal computer security to come along in the last few years and would easily claim a spot on our list of the 15 Sneakiest Computer Viruses.

What can you do to stay safe?
Microsoft has already issued a fix for defeating the worm, but a full 30 percent of Windows PCs have yet to download the security update. So make sure you run Windows Update and download the latest fixes. The latest versions of Norton, Kaspersky, McAfee, and the Switched-endorsed AVG are all capable of detecting and blocking Conficker, so make sure you have downloaded all updates to your anti-virus software.
Experts also suggest disabling autorun to prevent yourself from becoming infected via USB drive. Turning off autorun isn't easily done, so follow these directions:
- Go to the Start Menu and select 'Run'
- Run the following command: gpedit.msc
- In the Group Policy window go to Computer Configuration -> Administrative Templates -> System
- Under 'System,' double-click the 'Turn Off AutoPlay' option from the right hand pane
- Select 'Enable' and choose 'All drives' from the drop down menu
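To confirm the setting took effect, this added PowerShell example (not part of the original article) reads the NoDriveTypeAutoRun registry value that the 'Turn Off AutoPlay' policy writes and lists any drive types where autorun is still enabled. The registry path and bit meanings are taken from Microsoft's documentation of that value rather than from the article; 'All drives' corresponds to 0xFF.

```powershell
# Added example: check whether the 'Turn Off AutoPlay' policy is in effect.
# A set bit in NoDriveTypeAutoRun disables autorun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown type'            = 0x01
    'Removable (USB)'         = 0x04
    'Fixed disk'              = 0x08
    'Network'                 = 0x10
    'CD-ROM'                  = 0x20
    'RAM disk'                = 0x40
    'Unknown type (reserved)' = 0x80
}

# The policy value can exist machine-wide (HKLM) or per user (HKCU).
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunMask {
    param([string]$KeyPath)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $KeyPath -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

function Get-AutoRunEnabledTypes {
    param([int]$Mask)
    # A cleared bit means autorun is still allowed for that drive type.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

foreach ($key in $PolicyKeys) {
    $mask = Get-AutoRunMask -KeyPath $key
    if ($null -eq $mask) {
        Write-Output "$key : NoDriveTypeAutoRun not set (Windows default applies)"
        continue
    }
    $enabled = @(Get-AutoRunEnabledTypes -Mask $mask)
    if ($enabled.Count -eq 0) {
        Write-Output ('{0} : 0x{1:X2} - autorun disabled for all drive types' -f $key, $mask)
    } else {
        Write-Output ('{0} : 0x{1:X2} - autorun still enabled for: {2}' -f $key, $mask, ($enabled -join ', '))
    }
}
```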
If you think you're infected, download and run Microsoft's Malicious Software Removal Tool, or follow the directions found here to manually remove the worm.

Will it strike again? If so, where and how?
It's impossible to know if and when Conficker will strike again, especially since it is still running free and has yet to reveal its true purpose. Since Conficker is capable of downloading additional malicious code, it is also capable of self-updating. This function allows the worm to take advantage of other security holes once the ones it currently exploits are closed.
Potentially, Conficker could hang around for a very long time, or resurface in a slightly different form down the road. Knowing exactly when or where Conficker will rear its ugly head is simply impossible, but you can keep yourself safe by making sure your PC and security software (that includes anti-virus, spyware tools, and firewall) are up-to-date. Also, be sure to practice good browsing habits: avoid opening e-mail attachments from unknown addresses, don't download software from questionable sources, and stay away from sites whose security and legitimacy are uncertain.