Graham Cluley’s blog

It's not possible to emphasise enough the importance of using sensible passwords on your network.

Not just on the areas of your network that you don't want your users to traipse through, but also on the default network shares that are present on installations of commonly used operating systems like Windows NT/2000/XP/2003.

One of the ways in which the Conficker worm (also known as Confick or Downadup) uses to spread is to try and batter its way into ADMIN$ shares using a long list of different passwords.

As you can see in the list below, it relies upon computers using poorly chosen passwords such as dictionary words, "password", "qwerty" or sequences of letters or repeated numbers:

One way to make it harder for password-cracking malware like Conficker from spreading across your network is to ensure that no-one is using a poorly-chosen password.

Simple tips for better web password security from SophosLabs on Vimeo.

And, of course, please don't delay installing the critical security patch that Microsoft issued late last year.

• Download a podcast where Sophos expert Paul Ducklin discusses the true threat posed by the Conficker virus, with Patrick Gray, host of the ITRadio programme 'Risky Business'

Further reading: Download a free Conficker removal tool and How to stop the Conficker worm on an unpatched PC.

Posted on January 16th, 2009 by Graham Cluley, Sophos
Filed under: Botnet, Data loss, Malware

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• How to stop the Conficker worm on an unpatched PC
• Quick poll: Conficker worm - who is to blame?
• Hype, April fool's day, and the Conficker worm
• Conficker worm exploits Microsoft MS08-067 vulnerability
• Many PCs still not patched against Conficker vulnerability