Conficker Heart Uncovered

wormSecurity experts have made a breakthrough in their five-month battle against the Conficker worm, with the discovery that the malware leaves a fingerprint on infected machines which is easy to detect using a variety of off-the-shelf network scanners. The finding means that, for the first time, administrators around the world have easy-to-use tools to positively identify machines on their networks that are contaminated by the worm.

As of March 30, signatures will be available for at least half a dozen network scanning programs, including the open-source Nmap, McAfee’s Foundstone Enterprise, and Nessus, made by Tenable Network Security. Up to now, there were only two ways to detect Conficker, and neither was easy. One was to monitor outbound connections for each computer on a network, an effort that had already proved difficult for organizations with machines that count into the hundreds of thousands or millions. With the advent of the Conficker C variant, traffic monitoring became a fruitless endeavor because the malware has been programmed to remain dormant until April 1. The only other method for identifying Conficker-infected computers was to individually scan each one, another measure that placed onerous requirements on admins. The discovery of Conficker’s tell-tale heart two days before activation may prove to be an ace up the sleeve of the white hat security world.

Source: http://www.channelregister.co.uk/2009/03/30/conficker_signature_discovery/

Information

Pragmatic Journey is Richard (rich) Wermske's life of recovery; a spiritual journey inspired by Buddhism, a career in technology and management with linux, digital security, bpm, and paralegal stuff; augmented with gaming, literature, philosophy, art and music; and compassionate kinship with all things living -- especially cats; and people with whom I share no common language.