02 Apr
    Author: admin Categories: Infrastructure, Security

    This is probably one of the most frightening security quotes I have heard in a long time (regarding the latest variant of the Conficker worm):

    Those responsible for this outbreak have demonstrated Internet-wide programming skills, advanced cryptographic skills, custom dual-layer code packing and code obfuscation skills, and in-depth knowledge of Windows internals and security products.  They are among the first to introduce the Internet rendezvous point scheme, and have now integrated a sophisticated P2P protocol that does not require an embedded peer list.  They have continually seeded the Internet with new MD5 variants, and have adapted their code base to address the latest attempts to thwart Conficker.   They have infiltrated government sites, military networks, home PCs, critical infrastructure, small networks, and universities, around the world.  Perhaps an even greater threat than what they have done so far, is what they have learned and what they will build next.

    -SRI (http://mtc.sri.com/Conficker/addendumC)

    The Conficker authors are, so far, staying ahead of a coordinated effort by industry leaders in security (Microsoft, ICANN, Symantec, F-Secure, ISC and others). I cannot stress enough the importance of patching your company's systems against MS08-067, the Windows Server service vulnerability that is Conficker's main propagation method. Patching alone is not enough, though: the later variants also spread through removable media (an autorun.inf that launches the worm when the drive is inserted) and by guessing weak passwords on ADMIN$ shares, so disable AutoRun and enforce strong local administrator passwords on the same sweep.

    Nmap and Nessus have both recently released plugins that remotely scan for hosts infected by Conficker (the A, B, C and D variants at the time of this writing). I recommend that everyone scan their internal networks for Conficker-infected hosts, then run Microsoft's Malicious Software Removal Tool on every system reported as possibly compromised, and follow up with the MS08-067 patch so the cleaned machine is not simply reinfected from a neighbour. The scariest part of Conficker is that its update channels (the daily domain rendezvous and now the P2P protocol) let the operators swap the payload at any time: millions of computers are at the will of the authors, and we may not learn the intended purpose of Conficker until it is too late.
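    As an added example (not code from the original post, nor from the Nmap project), the following Python script turns the normal-format (-oN) output of such an Nmap scan into two lists: hosts the scan flagged as infected, to hand to MSRT, and hosts still reporting MS08-067 as unpatched. The embedded sample output is constructed to approximate what the smb-check-vulns and p2p-conficker scripts print; the exact wording of those verdict lines is an assumption and should be checked against the Nmap version you run.

```python
import re

# Host header: both the newer "Nmap scan report for X" form and the older
# "Interesting ports on X:" form printed by Nmap 4.x are accepted.
HOST_RE = re.compile(r"^(?:Nmap scan report for|Interesting ports on)\s+(\S+)")
# smb-check-vulns verdict line, e.g. "|   Conficker: Likely INFECTED" (assumed wording)
SMB_CONFICKER_RE = re.compile(r"^\|_?\s*Conficker:\s*Likely\s+(INFECTED|CLEAN)", re.I)
# p2p-conficker summary, e.g. "|_  4/4 checks are positive: Host is likely INFECTED"
P2P_CONFICKER_RE = re.compile(r"Host is (?:likely )?(INFECTED|CLEAN)", re.I)
# MS08-067 verdict line from smb-check-vulns (assumed wording)
MS08_067_RE = re.compile(
    r"^\|_?\s*MS08-067:\s*(VULNERABLE|LIKELY VULNERABLE|FIXED|NOT RUN|UNKNOWN)", re.I)

# Constructed sample scan output: three hosts, one flagged by smb-check-vulns,
# one clean and patched, one flagged by p2p-conficker in the older output format.
SAMPLE_OUTPUT = """\
Starting Nmap 4.85BETA8 ( http://nmap.org )
Nmap scan report for 10.0.0.5
Host is up (0.0012s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
| smb-check-vulns:
|   MS08-067: VULNERABLE
|   Conficker: Likely INFECTED
|_  regsvc DoS: NOT RUN

Nmap scan report for 10.0.0.7
Host is up (0.0030s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
| smb-check-vulns:
|   MS08-067: FIXED
|   Conficker: Likely CLEAN
|_  regsvc DoS: NOT RUN

Interesting ports on 10.0.0.23:
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
| p2p-conficker:
|   Checking for Conficker.C or higher...
|   Check 1 (port 35427/tcp): INFECTED (Received valid data)
|   Check 2 (port 21538/tcp): INFECTED (Received valid data)
|   Check 3 (port 35427/udp): INFECTED (Received valid data)
|   Check 4 (port 21538/udp): INFECTED (Received valid data)
|_  4/4 checks are positive: Host is likely INFECTED
"""


def parse_nmap_output(text):
    """Return {host: {"conficker": verdict|None, "ms08_067": verdict|None}}.

    Script output lines are attributed to the most recent host header, so
    verdicts from either Conficker script land on the right host.
    """
    results = {}
    host = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1).rstrip(":")  # old format ends the header with ':'
            results[host] = {"conficker": None, "ms08_067": None}
            continue
        if host is None:  # banner lines before the first host
            continue
        m = SMB_CONFICKER_RE.match(line) or P2P_CONFICKER_RE.search(line)
        if m:
            results[host]["conficker"] = m.group(1).upper()
            continue
        m = MS08_067_RE.match(line)
        if m:
            results[host]["ms08_067"] = m.group(1).upper()
    return results


def hosts_to_remediate(results):
    """Hosts a Conficker check flagged as infected: run MSRT on these."""
    return sorted(h for h, r in results.items() if r["conficker"] == "INFECTED")


def hosts_to_patch(results):
    """Hosts still exposing MS08-067: patch these before they are reinfected."""
    return sorted(h for h, r in results.items()
                  if r["ms08_067"] in ("VULNERABLE", "LIKELY VULNERABLE"))


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OUTPUT
    parsed = parse_nmap_output(text)
    print("Run MSRT on:", ", ".join(hosts_to_remediate(parsed)) or "none")
    print("Patch MS08-067 on:", ", ".join(hosts_to_patch(parsed)) or "none")
```

    To produce real input for it, the scan command published with those Nmap scripts was of the form `nmap -Pn -T4 -p139,445 -n --script smb-check-vulns,p2p-conficker --script-args safe=1,checkconficker=1 -oN scan.txt 10.0.0.0/24`, then `python conficker_triage.py scan.txt`. The `safe=1` argument matters: without it smb-check-vulns will actively trigger the MS08-067 condition and can crash the Server service on unpatched hosts. Later Nmap releases retired smb-check-vulns in favour of smb-vuln-ms08-067, while p2p-conficker is still shipped; the parser above only cares about the verdict lines, so adjust the regexes if your version words them differently.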

