
3/30/09

Conficker detection breakthrough

Just days ahead of an April 1st activation date for the Conficker worm squirming through the Windows operating system, security researchers at the Honeynet Project have scored a major breakthrough, finding a way to fingerprint the malware on infected networks.

Now, with the help of Dan Kaminsky and Rich Mogull, off-the-shelf network scanning vendors have the ability to remotely (and anonymously) detect Conficker infections.

“You can literally ask a server if it’s infected with Conficker, and it will tell you,” Kaminsky explained. “Usually, we get to scan for a vulnerability but, because Conficker actually changes the way that Windows looks on a network, we now get to scan and get a “this box is infected” message which is pretty rare.”

Follow the story here

