Wednesday, November 3, 2010

Conficker, One of the Most Dangerous Attacks Ever

2009 was the year of victory for the Conficker worm in Indonesia. Its attacks peaked in May-June 2009, reaching 14,805 attacks and accounting for around 66.88% of all virus or worm attacks, which is a high rate. It also attacked my college, where the impact looked terrifying. Not only were thousands of computers infected in Indonesia; nine million computers were infected as well. It was even able to disrupt the defense departments of France and England. Can you imagine how terrible that is?



Conficker, also known as Downup, Downadup, or Kido, is a virus that is able to exploit security weaknesses, has complicated code, and was written with a high level of programming skill. It usually targets RPC DCOM in Windows. Although it was overtaken in the rankings by other types of virus in the same year, the effects of its attacks still remained in 2010.

Whenever your PC shows a Generic Host Process (GHP) Error message and your connection is then terminated, it is possible that your PC has been infected by Conficker. The error is not caused by your PC itself being infected; it comes from a computer in your network that was infected first and automatically infects others that are vulnerable.

Once a computer is infected, the following effects may appear:
  • Disables System Restore: Conficker disables System Restore by resetting the restore points, which blocks users who want to use a restore to remove it.
  • Creates an HTTP server: Conficker opens a random port between 1024 and 10,000 and runs a web server (HTTP server) on it for the local network. Any computer with an unpatched RPC DCOM 3 is very likely to be attacked. When the attack succeeds, that computer downloads the virus and runs it. In addition, Conficker also disables Internet Connection Sharing.
  • Patches the infected computer: the infected computer is patched by Conficker itself. It looks as if Conficker is repairing our personal computer. In fact, it is protecting the computer from an unstable condition that would probably make the virus perform poorly and leave it unable to spread.

However dangerous this virus is, it is still possible to prevent infection. If the antivirus still shows notifications about the virus after cleaning it up, you can be sure that it has not infected your computer; instead, it is coming from another computer in the network. That is why you have to look for the infected computer, and never connect your computer to the network until the infected one has definitely been removed from it.
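One way to look for the infected computer is to search network flow records for a workstation that suddenly serves HTTP on a port between 1024 and 10,000 to several neighbours. The script below is an added example, not part of the original post; the log format, the 10.0.0.0/24 network, the allowlisted server, and all sample records are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample flow records (not real traffic): time, client -> server:port, protocol
SAMPLE_LOG = """\
2009-05-12T09:14:02 10.0.0.23 -> 10.0.0.7:4512 HTTP
2009-05-12T09:14:09 10.0.0.31 -> 10.0.0.7:4512 HTTP
2009-05-12T09:15:40 10.0.0.44 -> 10.0.0.7:4512 HTTP
2009-05-12T09:16:01 10.0.0.23 -> 10.0.0.5:8080 HTTP
2009-05-12T09:16:30 10.0.0.31 -> 10.0.0.5:8080 HTTP
2009-05-12T09:17:12 10.0.0.23 -> 203.0.113.10:80 HTTP
2009-05-12T09:18:45 10.0.0.44 -> 10.0.0.9:3389 RDP
2009-05-12T09:19:03 10.0.0.31 -> 10.0.0.12:2291 HTTP
garbled line that the parser must skip
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\S+)$")
LAN = ipaddress.ip_network("10.0.0.0/24")  # assumed local network
KNOWN_SERVERS = {"10.0.0.5"}               # assumed legitimate intranet web server
PORT_RANGE = range(1024, 10001)            # port range named in the article

def find_suspect_hosts(log_text, min_clients=2):
    """Return {host: {port: [clients]}} for LAN hosts serving HTTP on a port in
    PORT_RANGE to at least min_clients distinct LAN clients."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed records
        _, src, dst, port, proto = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with invalid addresses
        if proto != "HTTP" or int(port) not in PORT_RANGE:
            continue
        if src_ip not in LAN or dst_ip not in LAN or dst in KNOWN_SERVERS:
            continue  # only LAN-to-LAN traffic to hosts that are not known servers
        seen[dst][int(port)].add(src)
    result = {}
    for host, ports in seen.items():
        busy = {p: sorted(c) for p, c in ports.items() if len(c) >= min_clients}
        if busy:
            result[host] = busy
    return result

if __name__ == "__main__":
    for host, ports in find_suspect_hosts(SAMPLE_LOG).items():
        print(host, ports)
```

A host flagged this way is only a candidate: confirm it with an antivirus scan before disconnecting it, because legitimate software can also listen on high ports.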

The wave of Conficker attacks has declined considerably now. However, we still need to be aware of possible similar attacks in the future that spread through the internet, perhaps on an even larger scale than before. More people are connecting to the internet, they spend more time on it, and more people consider the internet one of their needs. Because of this, it is obvious that we are becoming more vulnerable. That is why, starting with ourselves and starting now, we must pay attention to what we have on our computers: is it safe enough or not? Besides, network security technologies should also be improved in order to protect users from cyber crime.

P.S.: This article was written to fulfill the mid-term substitution exam for the Network Security subject.
