Virulent Worm Exploits Missing Patches

The Conficker worm shows why it's so important to keep PCs up-to-date.

Erik Larkin, PC World

Think massive worm outbreaks are obsolete? Then say hello to the Conficker worm, aka Downadup. In January it slithered onto millions of computers unprotected by a critical patch that Microsoft had issued back in October.

The patch fixed a hole in the Windows Server service, which most desktop and server versions of Windows use. Without it, a PC is vulnerable to attack by infected PCs across a network. A firewall can block external attacks of this sort, but business network firewalls generally offer little protection against threats from within the network. And businesses can be slow to patch company computers.

First, double-check that you have the October patch noted above (available for Windows 2000, XP, Vista, Server 2003, and Server 2008) on both your home and work PCs by running Windows Update. And be aware that a thumb drive or laptop you bring home from work can spread Conficker as well.

PC World - http://www.pcworld.com/article/159238/arti...ml?tk=nl_spxnws

Free Defense Against the Conficker Worm

Erik Larkin

The rampaging Conficker worm (aka Downadup) has managed to infect millions of PCs across the globe, but it has an Achilles heel, one that a company called OpenDNS plans to strike starting Monday.

Many types of malicious software like Conficker have to connect to a command center to receive orders, which in the case of Conficker might be to download additional software like a keylogger or data-stealing Trojan. Without those orders, the malware just sits there.

Conficker uses an algorithm to create a list of 250 domain names each day that it will check for commands, according to David Ulevitch, CEO of OpenDNS. So its creators can register any of those 250 domains for any given day and be able to issue orders to the millions of worms.

Antivirus companies like F-Secure and Kaspersky have cracked that algorithm and can predict which domains Conficker will attempt to contact on any given day, and F-Secure has previously offered that predictive list to network administrators who could use it to block computers in their network from connecting to any of those domains.

Come Monday, OpenDNS will use a similar approach to block any computer or network that uses the company for its domain name system (DNS) service, which translates the human-friendly names like pcworld.com into the IP addresses used by machines, from getting a DNS record for a Conficker domain. Using a list from Kaspersky, OpenDNS will refrain from sending a requested domain-name-to-IP-address translation for any such domain, effectively neutering the worm by blocking it from reaching a command center.

Story: http://www.pcworld.com/article/159126/arti...ml?tk=nl_spxblg
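The resolver-side blocking the article describes, written out as an added example (not OpenDNS's or PC World's code): a resolver withholds answers for names on the day's predicted list, and the count of refused lookups per client tells the administrator which machines are probably infected. The domain names and log lines are constructed for the example, not real Conficker-generated names.

```python
"""Resolver-side blocking of predicted Conficker rendezvous domains (the
approach the article attributes to OpenDNS), plus a per-client count of
refused lookups that points a network administrator at infected hosts.
All domain names and log lines here are constructed for the example."""
from collections import defaultdict

# Constructed stand-in for one day's predicted list (the real one had 250
# names per day and came from the antivirus vendors' cracked algorithm).
PREDICTED_TODAY = {"qwlkjd.biz", "zzrtpa.info", "mmnbvc.org"}

# Constructed resolver log, one query per line: "<client_ip> <name> <qtype>"
QUERY_LOG = """\
10.0.0.5 www.pcworld.com A
10.0.0.7 qwlkjd.biz A
10.0.0.5 updates.example.net A
10.0.0.7 ZZRTPA.INFO A
10.0.0.9 mmnbvc.org. A
10.0.0.7 qwlkjd.biz A
"""

def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so variants match the list."""
    return name.rstrip(".").lower()

def is_blocked(name: str, blocklist=PREDICTED_TODAY) -> bool:
    """True if the resolver should withhold the answer for this name."""
    return normalize(name) in blocklist

def filter_queries(log: str, blocklist=PREDICTED_TODAY):
    """Split the log into answered and refused queries and count refusals
    per client; a client that keeps asking for listed names is very likely
    running the worm."""
    answered, refused, hits = [], [], defaultdict(int)
    for line in log.splitlines():
        if not line.strip():
            continue  # tolerate blank lines in the log
        client, name, _qtype = line.split()
        if is_blocked(name, blocklist):
            refused.append((client, normalize(name)))
            hits[client] += 1
        else:
            answered.append((client, normalize(name)))
    return answered, refused, dict(hits)

def suspected_infected(log: str, blocklist=PREDICTED_TODAY, min_hits=2):
    """Clients with at least min_hits refused lookups, for follow-up."""
    _, _, hits = filter_queries(log, blocklist)
    return sorted(c for c, n in hits.items() if n >= min_hits)
```

Because the list changes daily, the blocklist must be regenerated each day from the predicted names; the filter itself does not change.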
