Honeynet Offers Tools To Detect and Contain Conficker
Lesley Stahl went on to report to millions of viewers that malicious computer hackers have been creating more weapons that they plant on the Internet -- and the problem is growing. She called Conficker one of the most dangerous threats ever, infecting about 10 million computers worldwide.
Conficker earned its reputation. The worm, also known as Downadup, first appeared in late November, exploiting a vulnerability in Microsoft Windows to spread unhindered on local area networks. Its goal so far has been to install rogue software on infected computers.
Microsoft issued a patch for the vulnerability, but users who haven't installed it are open to infection as the worm spreads through portable USB flash drives. Malware authors are expected to set the wheels in motion to launch the next variant of Conficker on Wednesday.
"As you know, bad things are going to happen on April 1st: People will be sending out e-mails to their friends, telling silly jokes and putting MTAs (mail transfer agents) under a higher load," said Lance Spitzner, CEO of the Honeynet Project, an international nonprofit research organization that aims to improve Internet security.
"Besides that (but not quite that bad), Conficker will activate its domain-name-generation routine to contact command-and-control servers," he said. "We have been researching this piece of malware recently, with a focus on how to detect Conficker-infected machines."
The Honeynet Project has just released a paper called Know Your Enemy: Containing Conficker. The paper presents several potential methods to contain Conficker, taking advantage of the way the worm patches infected systems, which the group said could be used to remotely detect a compromised system. The...