Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Conficker Vulnerability a Boon to Network Administrators

Security experts have found vulnerability in a PC code that strengthens the Conficker virus, a belligerently infecting worm that has already spread to more than 12 Million Microsoft's Windows computers across the world.

As observed earlier, the virus propagates itself chiefly by exploiting a security flaw that critically affects the Windows operating system. Microsoft has named this flaw MS08-067. However, when Conficker infects a system, it does not allow other malware to make its way into it via the same vulnerability. To accomplish this, the virus tries to patch the flaw with the help of a self-tailored update instead of the one from Microsoft.

This effort of patching on its own is where Conficker's weakness exists.

Commenting on this point elaborately, Dan Kaminsky, Director of Penetration Testing at IOActive, who was also involved in The Honeynet Project, wrote on a personal blog that Conficker modifies Windows different from what it actually appears on the system network. Subsequently, a remote attacker can detect this modification very fast while remaining anonymous. One can virtually get a server to say whether it is infected with the Conficker worm, as reported by ZDNet Asia on March 31, 2009.

The researcher further wrote that till now network admins really haven't found a reliable and easy method to determine the extent of infection on their networks.

Moreover, all of the worm's variants i.e. .A, .B and .C spread their infection despite releasing a patch for the MS08-067 flaw by Microsoft. This implies that it is possible to identify not just unpatched computers that the Conficker has infected, but also all other computers that have been compromised via USB sticks, network shares and so on.

Meanwhile, the finding has resulted in some concerns as well. Some experts believe that the publicity of the bungled fix's details could provide cyber criminals the directions with which they could bypass the protection devices and gain command over the Conficker botnet even though partly. Alternatively, security specialists with good intentions might unleash a virus that exploits the fake update's vulnerability to remove Conficker from the infected PCs.

Related article: Conviction of First Felony Spam in Virginia Upheld

» SPAMfighter News - 4/6/2009

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next