About Me

Vinoo Thomas

Vinoo Thomas

Read More

Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity

McAfee Labs :

W32/Conficker: Much Ado About Nothing?

Friday, March 27, 2009 at 4:36am by Vinoo Thomas
Vinoo Thomas

In the run-up to April 1, the media spotlight around the latest Conficker worm variant has reached a morbid frenzy. From being touted as an “April Fool’s joke” to outrageous headlines such as “Millions of computers expected to be destroyed”–no other worm in recent history has generated this much media attention. But what have we learned from history? From the days of Michelangelo to the recent Blaster, SoBig, Sober, and Kamasutra worms, the hype surrounding the activation or payload dates of major Internet worms have turned out to be only damp squibs.

What happens on April Fool’s Day is anyone’s guess. Although we still don’t know the real intent of the authors of the Conficker worm, they have consistently improved the worm by adding new functionality and anti-debugging tricks with every released variant. In order to resist the Conficker Cabal initiative, which recently blocked domain registrations associated with previous Conficker A and B variants, the worm authors upped the randomly generated domain count from 250 to 50,000. The intent behind generating and attempting to contact so many domains is to make it extremely difficult for security researchers to monitor sites that could potentially host a payload for the Conficker worm to download and execute.

What we do know is almost all the security vendors have thoroughly analyzed Conficker–also known as Downadup and Kido worm–and have good generic detection and cleaning in place. Uploading a couple of randomly selected Conficker binaries to the VirusTotal site consistently shows an overall anti-virus detection rate of 90 percent or above. And these high detection rates are across vendors–small or big.

To prepare for any trouble on April 1, McAfee now offers a special build of its standalone cleaning tool Stinger, which will be updated on a daily basis to include any undetected Conficker variants from the wild. This special build of Stinger can be downloaded from the Avert Tools site. We’ve also posted detailed documentation on mitigation steps that security staff within organizations can take to combat W32/Conficker. Additional McAfee product coverage information for MS08-067–the Microsoft Windows Server Service vulnerability, which is exploited by the worm–can be viewed at the McAfee Threat Center.

Please ensure that your copy of Microsoft Windows is patched and your security software is fully up to date. That way you won’t end up an April Fool.

Bookmark and Share

Tags: , ,

Submit your own comments / message for this post

Your email is never published nor shared. Required fields are marked *

 

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments (9)

  • Para April 2, 2009 3:26AM

    Thursday, April 02, 2009, 5:18:58 AM
    Unfortunately I have had to use McAfee’s ‘Stinger’ many, many, moons ago. It’s a very good tool & save my bacon [PC]! Just download the file to your computor desktop or a download folder. Scan it with your AV & a Spyware scanner, then go to its properties & unblock it. Then your ready to enable Stinger & let it do its thing. You won’t be sorry, you took those extra steps.
    Thanks McAfee! Stingers a great tool to use.

    Reply
  • RE April 1, 2009 10:55AM

    I’ve read all 8 of your responses and I have deemed you all to be total idiots… please turn in your computers to the nearest Goodwill donation center as none of you have the minimal mental capacity required to own or operate a home PC.

    Reply
  • Dan April 1, 2009 10:27AM

    The http://vil.nai.com link is legit. McAfee used to be Network Associates Inc. and just hasn’t updated all of their URLs yet. In fact if you google network associates, it brings you to McAfee pages.

    You can get McAfee’s free SiteAdvisor tool to tell you if you are visiting an unsafe site or downloading a risky file. Get it here http://www.siteadvisor.com/

    Reply
  • Vic April 1, 2009 1:09AM

    I am of the same mind as Gail. I went to McAfee site and clicking on the security advisory link led me to labs.com. The article describes ” McAfee now offers a special build of its standalone cleaning tool Stinger, which will be updated on a daily basis to include any undetected Conficker variants from the wild”

    attractive offer, but clicking on the stinger link leads to this:

    you have chosen to open stinger_Coficker.exe which is a binary File from http://vil.nai.com

    This does not give any confidence in McAfee as this doesn’t look legit, yet you get to it from their website

    Reply
  • Don March 31, 2009 6:05PM

    I lost the message regarding the resubscription to McAfee. I want it, since AOL no longer furnishes it. Thanks for Stinger.

    Reply
  • Douglas Barrett March 31, 2009 12:28PM

    When I click on the McAfee removal tool shown on the PC World article on msn.com, my IE warning says the download from McAfee has no valid digital signature. I’m trying to do a Conficker check on my computer but am paranoid about clicking on anything that appears suspicious. I have McAfee anti-virus installed on my PC.

    Reply
  • gail March 31, 2009 12:12PM

    i am very leary of downloading any tool for my computer…once again .. is this really a real tool or perhaps the worm itself?

    Reply
  • Matthew March 31, 2009 7:16AM

    Where does Shakespeare come into play? Much Ado About Nothing sounds like a poorly chosen name for this virus.

    Reply
  • Becky March 30, 2009 8:18PM

    The executable on the Stinger page has no publisher entry. Is this real?

    Reply