Conficker: Shavlik CEO explains what it does and how to fight it

Conficker has the potential to be the first serious, wide-scale worm outbreak in several years. In this interview, Shavlik Technologies CEO and founder Mark Shavlik gives a quick summary of what Conficker can do, the three ways it spreads, and what IT departments can do to combat it.

Podcast


About

Jason Hiner is Editor in Chief of TechRepublic and Long Form Editor of ZDNet. He writes about the people, products, and ideas changing how we live and work in the 21st century. He's co-author of the upcoming book, Follow the Geeks (bit.ly/ftgeeks).

15 comments
reisen55

1 - Fully update all operating systems. This is a no-brainer really, as it should be done all of the time anyway. I do not install the cursed Windows Search patch because it is a system hog of the first order.
2 - Update antivirus product. Symantec or AVG; my accounts are set to update at 8 pm at night and do a morning scan at 5:30 am, before or around staff arrival.
3 - Periodic testing of access to www.symantec.com.
4 - Download the removal tool and keep it handy just in case.
We can only be so proactive in this war, for the creators of this garbage will always stay one step ahead of our best efforts. If we can achieve a 95 to 98% protection rate, we are doing as good a job as we can.
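The "periodic testing of access to www.symantec.com" step above is worth automating, because Conficker variants interfere with name resolution for hostnames containing security-vendor strings while leaving other traffic alone. The script below is an added example and is not part of the podcast or of the comment above: it resolves a handful of vendor hostnames and a few unrelated control hostnames and compares the two, so that a dead network is not mistaken for an infection. The hostname lists are constructed for illustration, and `conficker_like_resolver` is a stand-in for an infected host's resolver so the logic can be exercised offline; on a real host, run it with the OS resolver.

```python
"""Heuristic check for Conficker-style blocking of security-vendor hostnames.

Controls resolving while every vendor hostname fails is the pattern to act on.
A clean result does not prove the host is uninfected; it only rules out this
one symptom.
"""
import socket
from typing import Callable, Dict, Iterable, List

# Vendor hostnames whose failure is suspicious (constructed list; extend as needed).
VENDOR_HOSTS: List[str] = [
    "www.symantec.com",
    "www.microsoft.com",
    "update.microsoft.com",
    "www.kaspersky.com",
    "www.mcafee.com",
]

# Unrelated hostnames a healthy network should resolve (constructed list).
CONTROL_HOSTS: List[str] = ["www.example.com", "www.iana.org"]

Resolver = Callable[[str], bool]


def os_resolver(host: str) -> bool:
    """Real resolver: True if the operating system can resolve host to an address."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except socket.gaierror:
        return False


def conficker_like_resolver(blocked_substrings: Iterable[str]) -> Resolver:
    """Constructed stand-in for the resolver on an infected host.

    Mimics the worm's behaviour of failing any lookup whose hostname contains
    one of the blocked substrings; the substrings are an assumption for the demo.
    """
    blocked = [s.lower() for s in blocked_substrings]

    def resolve(host: str) -> bool:
        return not any(s in host.lower() for s in blocked)

    return resolve


def classify(vendor_hosts: List[str], control_hosts: List[str],
             resolve: Resolver) -> Dict[str, object]:
    """Resolve both host lists and return a verdict plus the failing names."""
    vendor_failed = [h for h in vendor_hosts if not resolve(h)]
    control_failed = [h for h in control_hosts if not resolve(h)]

    if not control_hosts or len(control_failed) == len(control_hosts):
        verdict = "no-network"   # controls fail too: nothing can be concluded
    elif vendor_failed and len(vendor_failed) == len(vendor_hosts):
        verdict = "suspicious"   # controls fine, every vendor name fails
    elif vendor_failed:
        verdict = "degraded"     # partial failure: likely transient, re-run later
    else:
        verdict = "ok"

    return {
        "verdict": verdict,
        "vendor_failed": vendor_failed,
        "control_failed": control_failed,
    }


if __name__ == "__main__":
    # On a real workstation, use the OS resolver; the demo below uses the stand-in.
    result = classify(VENDOR_HOSTS, CONTROL_HOSTS, os_resolver)
    print("live check:", result["verdict"], result["vendor_failed"])

    infected = conficker_like_resolver(["symantec", "microsoft", "kaspersky", "mcafee"])
    demo = classify(VENDOR_HOSTS, CONTROL_HOSTS, infected)
    print("simulated infected host:", demo["verdict"], demo["vendor_failed"])
```

Run it from a scheduled job on each workstation and alert on "suspicious"; a "degraded" result usually means a flaky resolver or a vendor outage and should be re-checked before anyone reaches for the removal tool.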

TechRepub

Working, reading while scanning with nmap...

DesertJim

Use one of the Linux desktop distros, such as Ubuntu.

Michael Kassner

I follow your comments on my and other TR articles, hence I know you have significant skills in IT. Knowing that, I'm curious to learn whether you scanned with Secunia or Microsoft MBSA before Nmap. I'd bet that you get where I'm going with this. I'm trying to determine whether skilled system admins such as yourself aren't comfortable trusting applications like Secunia, or whether scanning with Nmap is just being doubly safe. If you promise to tell, I will "fess up" what I do as well.

cmoreland

We've actually had a client bring this worm in via a thumb drive a couple of weeks ago. I'm happy to say that Kaspersky successfully kept it at bay until I got my hands on a removal tool from them (which nipped it in the bud almost immediately). Yesterday I did some double-checking to ensure every machine had its Windows updates as well as the latest virus defs. Nothing on the radar this morning... looks like I can actually enjoy my coffee here.

cmm

1.) Made sure that patch MS08-067 was approved and pushed out to clients via WSUS.
2.) Ran MBSA - found one system without the patch. Did a manual update.
3.) Antivirus vendor up to date on DAT files. Systems have the latest signatures.
4.) Used the Conficker Scanner from the Honeynet Project. Located here: https://www.honeynet.org/node/388
5.) At the firewall level and web filter appliance level, all are up to date with the latest antivirus updates.
Must admit I tried using Nmap and Nessus, but with no luck. Nmap probably runs better on a *nix box than *win, so I didn't have any luck. Good luck to all and we shall see what happens.

relawson

really? you mean if i dont use windows i wont be affected by a program made to exploit windows?!!?!? you sir are teh uber-master-it-guy! now that we've both gotten it out of our systems... i've been using shavlik actually! luckily at IU we get free licenses for it to departments. its very handy for windows updates, but, on other things unless every machine is EXACTLY the same, i always seem to have office updates fail. but, other than that, i'm looking into this nmap special scan thing to see how it works. i'm just glad the day is finally here and everyone will stop bugging the @#$% out of me about it...

grax

Nice try, but most IT people need to justify their existence. This whole thing smacks of the Millennium Bug. All hype and nothing at the end. This time it's unpatched Windows systems that are at risk. Most of these will be pirated versions of the OS. Some estimates say 15 million machines, mostly in Asia. I've no idea where people get these numbers from, but none of it really matters. If this thing ever does gain any traction the result may be some disruption by DDoS but little else. It will help to occupy IT gurus and journalists for a while, which might be a good thing. By the way, you forgot to mention MacOS.

TechRepub

I was using Nmap as a backup on all Windows-based systems in this case. Sorry I didn't reply earlier; I didn't know you had asked a question. John

admin

I successfully removed Conficker from a few machines on my network about a month ago; I used the Kaspersky tool too. Suddenly, 2 weeks after that, all the machines which had been cleaned showed a warning in their updated Avast at the same moment. The Conficker that came via USB was cleaned, but it had created a hidden Windows task to be run at a certain hour/date with another, non-USB variant. Check for that too if you don't want to do double work! PS: excuse my bad English :)
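The hidden task mentioned above is worth hunting for across the fleet rather than on one machine at a time. The script below is an added example, not code from the podcast or the comment author: it parses the CSV that `schtasks /query /fo CSV /v` prints on Windows and flags two things, at.exe-style job names (`\At1`, `\At2`, ...), which Conficker used to re-launch itself and to execute on remote machines, and tasks whose command hands a DLL to rundll32.exe that is not on a short allowlist. The allowlist, the sample CSV (including the DLL name `xyzab.dll` and its export name) and the column subset in the sample are constructed for the demo; on a non-Windows host the script falls back to that sample so it runs offline.

```python
"""Flag scheduled tasks matching Conficker-style persistence.

Parses `schtasks /query /fo CSV /v` output by header name, so a constructed
subset of the real columns is enough for the offline demo.
"""
import csv
import io
import re
import subprocess
import sys
from typing import Dict, List

# at.exe-style job names ("\At1", "At12"); the leading backslash is how schtasks prints them.
AT_JOB = re.compile(r"^\\?At\d+$", re.IGNORECASE)

# rundll32[.exe] <something>.dll,<export> ... ; captures the DLL and the export name.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^\s",]+\.dll)"?\s*,\s*(\S*)', re.IGNORECASE)

# DLLs that legitimately run from scheduled tasks in this environment.
# Constructed allowlist (an assumption), tune it for your own estate.
ALLOWED_DLLS = {"printui.dll", "shell32.dll"}

# Constructed sample in the shape of verbose schtasks CSV output (column subset).
SAMPLE_CSV = "\n".join([
    r'"HostName","TaskName","Next Run Time","Status","Author","Task To Run","Run As User"',
    r'"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","N/A","Ready","Microsoft Corporation","%windir%\system32\defrag.exe -c","SYSTEM"',
    r'"WS01","\At1","3/31/2009 3:00:00 AM","Ready","SYSTEM","rundll32.exe xyzab.dll,abc","SYSTEM"',
    r'"WS01","\PrinterCleanup","N/A","Ready","WS01\admin","rundll32.exe printui.dll,PrintUIEntry /dl /n printer1","WS01\admin"',
])


def parse_schtasks_csv(text: str) -> List[Dict[str, str]]:
    """Parse verbose schtasks CSV into dicts keyed by column name.

    Verbose mode repeats the header row in front of each task on some Windows
    versions; those repeats come back as rows whose TaskName is "TaskName" and
    are dropped here.
    """
    rows = list(csv.DictReader(io.StringIO(text)))
    return [r for r in rows if r.get("TaskName") != "TaskName"]


def suspicious_tasks(rows: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return the tasks that match either heuristic, with the reasons."""
    hits: List[Dict[str, object]] = []
    for r in rows:
        name = (r.get("TaskName") or "").strip()
        cmd = (r.get("Task To Run") or "").strip()
        reasons: List[str] = []

        if AT_JOB.match(name):
            reasons.append("at.exe-style job name")

        m = RUNDLL.search(cmd)
        if m:
            dll = m.group(1).replace("/", "\\").split("\\")[-1].lower()
            if dll not in ALLOWED_DLLS:
                reasons.append(f"rundll32 loads non-allowlisted DLL {dll} (export {m.group(2) or '?'})")

        if reasons:
            hits.append({"name": name, "command": cmd, "user": r.get("Run As User", ""),
                         "reasons": reasons})
    return hits


def collect_rows() -> List[Dict[str, str]]:
    """Query the live task list on Windows; use the constructed sample elsewhere."""
    if sys.platform == "win32":
        out = subprocess.run(["schtasks", "/query", "/fo", "CSV", "/v"],
                             capture_output=True, text=True, errors="replace", check=True)
        return parse_schtasks_csv(out.stdout)
    return parse_schtasks_csv(SAMPLE_CSV)


if __name__ == "__main__":
    for hit in suspicious_tasks(collect_rows()):
        print(f"{hit['name']!r} as {hit['user']!r}: {hit['command']}")
        for reason in hit["reasons"]:
            print("   -", reason)
```

A hit is a lead, not a verdict: look at the DLL on disk (creation time, signature, whether it also appears under the netsvcs service group) before deleting the task, and remember that a task created by a domain-wide compromise will reappear on cleaned machines until the remote source is found, which is exactly what the comment above describes.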

relawson

its just one of those things that i never do unless needed... like when saying WTF or OMG ;) i only use punctuation when its absolutely necessary

JimInPA

He knows where his shift key is... I'm just saying. ;)

tgstambaugh

Thanks for setting the facts straight, Dana. Whenever I hear someone say the millennium bug was hype, I get frustrated with their ignorance. I think of the thousands of programmers (including myself) who worked long hours cleaning up the code and databases that would have wreaked havoc if left as they were. I was contracting at the time and found serious bugs in software for an airline, state/city/county government, and a major Fortune 500 company. The results would have ranged from simple incorrect reports to catastrophic systems failure and would have seriously impacted people across the world.

DT2

The Millennium Bug was not all hype. It was a very real problem pertaining to truncated date values. The only reason it had minimal effect is because millions, possibly billions, were spent fixing computer code to rectify the problem before Y2K arrived. Doing nothing would have resulted in major disaster. Think of what would happen if all the computers suddenly thought it was now 1909 instead of 2009. Automated events not occurring because the computer thinks the trigger time hasn't arrived yet, banks calculating interest for 100-year time periods instead of 1-year. There are thousands of scenarios, although I wouldn't mind being on the receiving end of the interest problem.
