Remember Conficker? The worm that attacks a lot of
organizations, from the UK Parliament to Waikato DHB network? The worm for
which Microsoft offers a $250,000 reward to find out the identities of the
cybercriminals behind it?
According to the Shadowserver
Foundation datasets, about a million of unique IP addresses showing clear
signs of Conficker infection have suddenly vanished. This suddenly decreasing process
took place in the last day of December 2009. Although December, 29th,
there were 6.5 millions of infected computers, 2010, January, 1st, the
number dropped to 5.3 millions.
This event cannot be explained yet and more investigations have to take
place, but the “miracle” was just for one day. January, 2nd, the
number of infections jumped again to 5.6 million computers.
Although the number of infection decreased, Conficker remains a significant threat
for the IT environment, its main purpose being to compromise as many machines
as possible by exploiting vulnerability in Microsoft Windows RPC Server
Service, such as the Automatic Update, Security Center,
Windows Defender and Windows Error Reporting.
To avoid becoming a victim of Conficker, make sure
with your operating system provider on a regular basis – download
and install the latest security updates, malware removal tools, as well as
other patches or fixes
your antimalware, firewall and spam filter as frequent as possible, with
the latest virus
definitions and suspicious applications/files signatures
your system frequently
informed about e-threats and security breaches
More information about Conficker can be found here.