After the Conficker virus has gained access to a system it will install itself by adding a number of randomly named dynamic link libraries (DLLs) to the system directory.
Next, Conficker will install a system service in order to execute itself.
Cunningly, it also modifies some registry keys in order to hide the service that it created.
The next step is for the virus to propagate itself.
It will do this by attempting to spread through local networks, brute-forcing usernames and passwords.
Additionally, Conficker will attempt to copy itself to any external devices it finds, such as external hard drives, flash drives, memory cards, etc.
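The password brute-forcing described above is noisy: one infected machine produces a burst of failed logons against many accounts on each host it probes. The script below, an added example that is not part of the original post, flags sources that generate such bursts. The log format and every value in it are constructed for illustration; the only real identifier used is Windows Security Event ID 4625, which records a failed logon.

```python
"""Flag hosts that generate bursts of failed logons, the kind of noise that
Conficker's password brute-forcing against local network hosts produces.
Added example, not from the original post; the log format and all values
below are constructed.  Windows records a failed logon as Event ID 4625."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: date, time, event id, target account, source host
SAMPLE_LOG = """\
2009-01-20 09:14:01 4625 Administrator 192.168.1.50
2009-01-20 09:14:02 4625 Administrator 192.168.1.50
2009-01-20 09:14:02 4625 admin 192.168.1.50
2009-01-20 09:14:03 4625 backup 192.168.1.50
2009-01-20 09:14:03 4625 guest 192.168.1.50
2009-01-20 09:14:04 4625 user 192.168.1.50
2009-01-20 09:14:05 4624 jsmith 192.168.1.20
2009-01-20 09:20:00 4625 jsmith 192.168.1.20
2009-01-20 09:45:00 4625 jsmith 192.168.1.20
"""


def parse_events(text):
    """Parse the constructed log format into (timestamp, event_id, account, source)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, event_id, account, source = line.split()
        ts = datetime.fromisoformat(f"{date} {time}")
        events.append((ts, int(event_id), account, source))
    return events


def find_bruteforce_sources(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source: (failure_count, distinct_accounts)} for every source
    that produced at least `threshold` failed logons inside one sliding window.
    A single user mistyping a password twice in half an hour is not flagged;
    six failures against five different accounts in three seconds is."""
    failures = defaultdict(list)
    for ts, event_id, account, source in events:
        if event_id == 4625:
            failures[source].append((ts, account))

    flagged = {}
    for source, attempts in failures.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                accounts = {acct for _, acct in attempts[start:end + 1]}
                prev = flagged.get(source)
                if prev is None or count > prev[0]:
                    flagged[source] = (count, len(accounts))
    return flagged


if __name__ == "__main__":
    for src, (count, accounts) in find_bruteforce_sources(parse_events(SAMPLE_LOG)).items():
        print(f"{src}: {count} failed logons against {accounts} accounts within a minute")
```

The threshold and window are tuning knobs; the point of reporting the number of distinct accounts alongside the count is that a worm guessing passwords cycles through account names, which a locked-out human user does not.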
Removal of Conficker can be somewhat tricky as it blocks access to the most well-known security websites, such as Microsoft, McAfee, Norton, etc., which seriously reduces the effectiveness of anti-virus solutions.
4 WAYS TO STOP THE CONFICKER VIRUS
Here, then, are 4 ways to either stop or hamper the spread of the Conficker virus –
1. Firstly, ensure that you are up to date with all your operating system patches from Microsoft – this virus specifically attacks the latest Microsoft RPC vulnerability (MS08-067).
2. Always, always ensure that you have anti-virus installed and kept totally up-to-date.
3. Control the use of USB and other external devices on your system. Even if you know what to look out for, other family members may not.
4. The domains listed below are known to be used by Conficker to update itself. Block them all with your firewall. If you don’t have a firewall, get one!
The Conficker (or Downadup, as it is also known) virus will, at some point, try to contact one or more of the following domains in order to download further (and, presumably, malicious) updates –
So make sure you block them!
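Blocking the update domains at the firewall is the advice above; the added example below, which is not part of the original post, shows two checks a defender would pair with it: matching DNS query logs against the block list so that any machine still trying to reach those domains is identified as infected, and emitting hosts-file sinkhole entries as a host-level complement to the firewall rule. The post's own domain list is not reproduced here, so the block list and the log lines are constructed placeholders to be replaced with the real entries.

```python
"""Check DNS query logs against a Conficker update-domain block list and
generate hosts-file sinkhole entries.  Added example, not from the original
post; BLOCKED_DOMAINS and SAMPLE_DNS_LOG are constructed placeholders,
not the real domain list."""
from collections import defaultdict

# Placeholder block list: substitute the real update domains from the post
BLOCKED_DOMAINS = {
    "update-placeholder-1.example",
    "update-placeholder-2.example",
}

# Constructed log lines in a simple key=value format: date, time, client, query
SAMPLE_DNS_LOG = """\
2009-01-20 10:03:21 client=192.168.1.50 query=www.update-placeholder-1.example
2009-01-20 10:03:25 client=192.168.1.50 query=update-placeholder-2.example
2009-01-20 10:04:00 client=192.168.1.20 query=www.microsoft.com
2009-01-20 10:04:10 client=192.168.1.77 query=UPDATE-PLACEHOLDER-1.EXAMPLE.
"""


def normalize(name):
    """Lower-case and strip the trailing dot of a fully qualified name."""
    return name.strip().rstrip(".").lower()


def is_blocked(name, blocked=BLOCKED_DOMAINS):
    """True if `name` is a blocked domain or any subdomain of one."""
    name = normalize(name)
    return any(name == d or name.endswith("." + d) for d in blocked)


def find_blocked_lookups(log_text, blocked=BLOCKED_DOMAINS):
    """Return {client: {matched query names}} for lookups of blocked domains.
    A client that appears here is still trying to fetch Conficker updates,
    whether or not the firewall is dropping the traffic."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = dict(f.split("=", 1) for f in line.split()[2:] if "=" in f)
        client, query = fields.get("client"), fields.get("query")
        if client and query and is_blocked(query, blocked):
            hits[client].add(normalize(query))
    return dict(hits)


def hosts_file_entries(blocked=BLOCKED_DOMAINS):
    """Sinkhole lines for the hosts file so the names resolve to 0.0.0.0.
    This complements, but does not replace, the firewall block."""
    return [f"0.0.0.0 {d}" for d in sorted(blocked)]


if __name__ == "__main__":
    for client, names in find_blocked_lookups(SAMPLE_DNS_LOG).items():
        print(f"{client} queried blocked domains: {', '.join(sorted(names))}")
    print("\n".join(hosts_file_entries()))
```

Matching on subdomains and normalising case and the trailing dot matters: a log line for `WWW.Domain.Example.` must still hit an entry written as `domain.example`, otherwise the infected host slips past the check.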
Have I missed anything?
Can you offer any more advice on how to stop or avoid the Conficker virus?