How To Stay Safe From Conficker

January 26th, 2009 17:57 pm | by Ed |

I'm sure that by now a lot of people have heard about the latest bit of malware making the rounds, called the 'Downadup' worm and popularly known as "Conficker". According to an article on Computerworld, it's spreading fast and has already infected anywhere from 6% to 30% of PCs.

According to Panda Security, out of two million scans that were done by its free online scanning tool, 111,379 were found to be infected with Conficker.

Think about that a second. That's six percent of the people who used Panda's online scanner. When you think about the fact that MOST people don't use online scanners (I honestly don't trust 'em myself, though I *DO* have up to date A/V) and there are also a lot of people who don't bother to keep their antivirus definitions up to date, or who don't HAVE antivirus software at all, things can get grim looking indeed.

Ryan Sherstobitoff of Panda Security had this to say about it:

"If we were actually to look at the [general] population, all the people who don't have antivirus -- or if they do, who haven't updated definitions -- the infection rate might be in the range of 20% to 30%."

That's a LOT of infected machines! The obvious question is "How to stay safe?". There are of course several obvious answers: if you don't already have one, get a good antivirus program (I personally prefer and recommend the free version of AVG). If you do have an antivirus program, take the time to make sure it's updated. I have AVG set to auto update every day at 3:00am.

One other thing involves the way Conficker spreads. One of the things it makes use of is the "Autorun" feature in Windows. It alters the autorun.inf file on flash drives and other removable media and, if I'm not mistaken, this includes CDs and DVDs that are burned on an infected machine. The very best thing to do is to disable Autorun completely. Yes, I know that makes some things a little less convenient, but I'd rather have that than allow something like Conficker to have easy access to my system.

To completely disable Autorun takes two easy steps.

First, create a text file in Notepad and paste the following into it:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

{note: Because I'm sure that word wrap will mess up how it looks, the line that begins with [HKEY_LOCAL_MACHINE and ends \Autorun.inf] should be all on one line in Notepad. Also, the part of it that reads \Windows NT\ does include a space between Windows and NT.}

Save that file as no-autorun.reg (make sure it has a .reg extension instead of .txt or it won't work) and then double click on it. Windows will ask if you want to merge the information in that file into the Windows Registry. Answer YES.

Next you'll need to click Start and then Run, type "regedit.exe" (without the quotes of course) and click OK.

On Regedit's menu, click Edit and then Find. In the search box type "MountPoints2" (again without the quotes) and click Find Next. Regedit will search for that key. When it finds it, right click on that key in the left pane of the window and then click Delete. Regedit will ask you to confirm deleting; click YES.

Now hit the F3 key to repeat the search. Each time it finds that key, delete it. When it can't be found anymore, close regedit and reboot. Autorun is now thoroughly disabled.
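
A read-only way to confirm that both steps took effect, as an added PowerShell example that is not part of the original post. It assumes the override's default value is "@SYS:DoesNotExist" (the widely published form of this setting) and that cached Autorun handlers sit under each volume's Shell\AutoRun\command subkey of MountPoints2.

```powershell
# Added example: read-only audit of the two Autorun changes. Nothing is modified.
$mapKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$expected = '@SYS:DoesNotExist'   # assumption: value set by the .reg file

function Test-AutorunInfOverride {
    # Step 1: the IniFileMapping key must exist and carry the override value.
    if (-not (Test-Path -LiteralPath $mapKey)) {
        return 'MISSING: IniFileMapping\Autorun.inf key is not present'
    }
    $default = (Get-Item -LiteralPath $mapKey).GetValue('')
    if ($default -eq $expected) { return "OK: default value is $default" }
    return "CHECK: key exists but default value is '$default'"
}

function Get-CachedAutorunCommands {
    # Step 2: MountPoints2 is per-user, so walk every user hive that is
    # currently loaded under HKEY_USERS, not only the current user.
    $rel = 'Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $mp = "Registry::HKEY_USERS\$($hive.PSChildName)\$rel"
        if (-not (Test-Path -LiteralPath $mp)) { continue }
        foreach ($vol in Get-ChildItem -LiteralPath $mp -ErrorAction SilentlyContinue) {
            # Assumed layout: <volume>\Shell\AutoRun\command holds the cached command.
            $cmd = "$mp\$($vol.PSChildName)\Shell\AutoRun\command"
            if (Test-Path -LiteralPath $cmd) {
                [pscustomobject]@{
                    UserHive = $hive.PSChildName
                    Volume   = $vol.PSChildName
                    Command  = (Get-Item -LiteralPath $cmd).GetValue('')
                }
            }
        }
    }
}

Test-AutorunInfOverride
$cached = @(Get-CachedAutorunCommands)
if ($cached.Count -eq 0) {
    'OK: no cached Autorun commands found in any loaded user hive'
} else {
    'CHECK: cached Autorun commands remain for these volumes:'
    $cached | Format-Table -AutoSize
}
```

Run it from an elevated prompt so hives belonging to other logged-on users can be read; a user who is not logged on has no hive loaded and is not covered.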
