
PCPro-Computing in the Real World Printed from www.pcpro.co.uk


Conficker caught out at eleventh hour?

Posted on 31 Mar 2009 at 15:36

Researchers claim to have discovered a method by which networks can quickly and easily detect whether they've been infected by the Conficker worm.

Conficker has so far infected around 15 million machines and is set to launch on 1 April, at which time it's believed it will phone home to download new malware packages and receive instructions.

Up until now, IT managers worried about whether they've been infected have had to scan each machine individually, or monitor server logs to catch the worm in the process of phoning home.

These methods were rendered even more time-consuming and unreliable by the Conficker C variant, which was instructed to stay quiet until 1 April but also installed its own version of the MS08-67 patch that would hide it from scanners.

However, a team of noted researchers including Dan Kaminsky claims to have found a unique signature left behind by Conficker that can be detected by almost any off-the-shelf scanner.

"What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly," writes Kaminsky. "You can literally ask a server if it's infected with Conficker, and it will tell you... We figured this out on Friday, and got code put together for Monday. It's been one heck of a weekend."

The researchers will publish a paper outlining the technique in the next 24 hours, but it appears that if network admins move fast enough they need never find out what the worm had planned for 1 April.

Author: Stuart Turton
