Conficker: how to avoid infection and what to do if you are infected

Ahhh Conficker. A nasty family of malware that plagued computers the world over way back in November 2008.

Yes – that’s almost three years ago.

And it is still knocking about rather prolifically. Conficker remains the most commonly encountered malware family for home users and businesses alike.

Conficker can propagate in many ways, which can make it very difficult to remove from a network. A single infected computer is able to reinfect an entire network via file shares.

Microsoft’s patch, issued way back in 2008, is designed to stop the infection from coming into the network via the internet, but if it manages to reach your network via another route (eg an infected USB stick), then it will still be able to spread.

Top five anti Conficker tips

1. If you fear you have an infection, you can download Sophos’s free Conficker Removal tool, which detects, isolates, and removes Conficker from your computer or network. As an added plus, this tool is completely ungated for our Naked Security readers.

2. Make sure that all your computers running Windows are up to date with patches by visiting Microsoft Update.

3. Ensure your anti-virus software is up to date. If users have administrator rights, they might have uninstalled their anti-virus, or stopped it from updating. Even if you have anti-virus installed, you can still run this Free Security Scan from Sophos, if only to double check you have no hidden infections lurking on your computer or network.

4. Companies can set up a group policy to lock out accounts that attempt too many unsuccessful login attempts. The Conficker family also tries to batter its way into ADMIN$ shares by trying a long list of popular passwords, such as “nopassword”, “123asd”, “monitor” and, of course “secret”. Here is a full list of the passwords Conficker tries to crack. Make sure your password is not on the list.

You can also watch and share this password security video, where we give practical advice on how to choose a strong password.

(Enjoy this video? Why not check out the SophosLabs YouTube channel?)

5. Educate your users about safe computing practices. You can check and share our Naked Security’s Top 10 Security Tips.

It is not just about ridding ourselves of Conficker, we all need to take the appropriate steps to ensure we avoid getting infected in the first place.