New weapon to stop Conficker out today
Written by Rebecca Mints   
Tuesday, 31 March 2009 01:24

A new weapon was discovered Tuesday that is expected to put a leash on the problematic Conficker worm. Security specialists who are working overtime to find a way to fight the Internet menace have put together a general network scanner that is capable of detecting the worm even without accessing the system.

Researcher Dan Kaminsky said they are taking advantage of a quirk in Conficker to block legitimate requests, using the new scanner to detect machines that are possibly infected by the worm.

“Using the scanner, you can literally ask the server if it's infected with Conficker, and it will tell you,” explained Kaminsky.

The discovery is the latest product of the Honeynet Project, a project that brought together network-scanning companies and top researchers to analyse and defeat the Conficker worm.

The worm began wreaking havoc on the Internet last November when it exploited a vulnerability in MS Windows. Three variants have since emerged, with the latest, Conficker.C, expected to begin infecting network-connected machines on April 1.

The company Qualys, one of the member firms of the anti-worm group called the Conficker Cabal, said that, before the release of the scanning code for networks, systems should be checked manually or through remote login to make sure infection has not set in.

Companies are now scrambling to incorporate the network scanning code into their products, such as McAfee, nCircle, Tenable and the Nmap scanner.

