If you've been following the news of late you'll know all about the concern that the Conficker worm is causing in security circles these days.
Conficker is believed to be the most widespread computer worm infection since SQL Slammer in 2003. The initial rapid spread of the worm has been attributed to the number of Windows PCs (estimated at 30%) which have yet to apply the Microsoft patch for the MS08-067 vulnerability.
By January 2009, the estimated number of infected computers ranged from almost 9 million to 15 million. [Wikipedia]
Due to the advanced nature of the worm, it is very difficult to detect, and I personally don't trust my Antivirus software to do so reliably. The idea of having my computer hijacked as a zombie in a huge botnet perturbs me, so finding out whether my computer is infected is important to me.
There are a number of symptoms you can look out for:
- Account lockout policies being reset automatically.
- Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services disabled.
- Domain controllers responding slowly to client requests.
- Congestion on local area networks.
- Web sites related to antivirus software or the Windows Update service becoming inaccessible.
That last item there has proven to be quite useful, as Joe Stewart of the Conficker Working Group has created an "eye chart" that can easily show you whether you are infected by relying on the worm's habit of blocking access to antivirus sites.
Basically he's set up a web page that displays logos directly from a number of antivirus vendor's web sites. If you can't see some of the images, you're probably infected as the worm blocked access to those sites. There is one caveat though: if you use a proxy server the test is useless, as the worm cannot block access through it.
Head on over to the Conficker Eye Chart and check your computer. After all, isn't it our duty to make sure we're not part of this criminal cabal?