
Qualys battles Conficker with remote detection

Qualys: 31 March, 2009 (New Product)
Enterprise network managers can now have wider visibility of Conficker worm intrusions and control its spread across the network.
Qualys has added remote detection of the Conficker Worm, which has been spreading in corporate networks since November of 2008. This detection was added to QualysGuard Vulnerability Management in order to help organizations remotely identify the multiple variants of this worm and control its spread within enterprise networks.

Conficker is a worm that spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability announced in October 2008. It can also spread through corporate network shares that are not protected with strong passwords and through infected USB sticks. Conficker creates a file on all mapped drives that runs automatically when the drive is accessed, and it then spreads to other drives that connect to an infected machine. Once a system is infected, Conficker blocks all access to security-related Web sites, preventing users from updating security software from those Web sites.

Conficker leaves a fingerprint on infected machines that can be detected remotely by using special RPC calls. The QualysGuard detection for Conficker is in QID1227, categorized as urgent with severity level 5, and the detection identifies all variants including Conficker.A, B, C or W32.Downadup.B. Organizations are encouraged to scan their global networks in order to identify infected systems, use Antivirus/Antispyware to remove the infection and then apply the Microsoft Patch from Security Bulletin MS08-067. As of late January 2009, 30 percent of all Windows machines remained unpatched.

"This new detection method allows IT administrators to remotely detect the Conficker virus directly on the infected machines without needing credentials or an agent installed. For many large enterprises, this represents an opportunity to perform a quick and non-intrusive audit of their patching efforts," said Wolfgang Kandek, CTO of Qualys, who participated in the multivendor initiative over the weekend to implement this detection. "This security breakthrough will help many organizations tame Conficker and stop it from spreading within their networks. Special thanks to Dan Kaminsky and Rich Mogull for their efforts to pull the community together on very short notice, and for helping us add this detection within QualysGuard."
   © 2012 ProSecurityZone.com