Page last updated at 10:39 GMT, Tuesday, 31 March 2009 11:39 UK

Q&A: Conficker protection

USB drives, BBC
The worm can also spread via USB flash drives.

Computer experts are warning that the Conficker virus could strike infected computers on 1 April 2009.

What it will actually do - or whether it will even happen - is not clear, but security experts say that users of the Windows operating system should take sensible precautions to keep themselves safe.

Q. What happens on 1 April 2009?

According to Microsoft, systems infected with the latest version of Conficker will begin to use a new algorithm to determine what websites to contact. It is possible that infected systems may auto-update themselves with a new version by contacting a new site on the list. However, Microsoft say that these systems could also update themselves before or after 1 April by using Conficker's peer to peer technology to contact other infected machines.

Q. How do I know if I have been infected?

A rather basic test is to try and log onto an anti-virus website. Conficker blocks many of these sites in an attempt to keep users in the dark.

The Conficker Working Group - a coalition of anti virus firms - offers a range of detection and repair tools as does the Internet Storm Centre. Links to both those sites are on the right hand side of this page.

Q. How is it spread?

Conficker spreads itself across a network by exploiting a vulnerability in the Windows Server service. Microsoft have released a security update - MS08-067 - which closes that vulnerability, but as later forms of the virus can also spread via portable devices (such as memory sticks) this alone will not give you full protection.

Q. What can I do to protect myself?

Anti virus protection for your computer is essential and almost every piece of anti-virus software will keep you safe. However, this requires that you not only install the software, but keep it up to date. Most anti-virus packages offer an auto-updating feature, however it is worth checking when an update was last performed and, if necessary, forcing it to perform a current update.

Many sites also offer removal tools (see "what do I do if I have been infected") although Conficker blocks access to many anti-virus sites, which is one way for finding out if you have fallen foul of the virus.

Q. What other issues are there?

Conficker contains a password-cracking program that can break simple passwords, for example: 1234, supervisor, owner, etc - along with simple numeric passwords and birthdays.

Passwords are classified as weak, moderate, or strong - depending on how easy they are to crack.

An ideal password, which would be very hard to break, should contain a combination of uppercase and lowercase letters, numbers, and symbols, and should be a minimum of six characters long.

The catch is that remembering a password like that could be tricky and security experts advise against keeping a written copy of your passwords, in case of theft.

Microsoft have also advised that users disable the AutoPlay feature in Windows. This is to prevent viral code activating if a CD-ROM or USB device or other media containing an Autorun.inf file is plugged into the computer.

A step-by-step guide on how to do this is included in Microsoft Security Advisory (967940).

Print Sponsor

Security experts eye worm attack
31 Mar 09 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific