March 31, 2009

Tool Released To Detect Conficker Worm

The U.S. Department of Homeland Security unveiled a newly developed tool on Monday that can determine if the Conficker worm has infected a computer, the AFP reported.

The U.S. Computer Emergency Readiness Team (US-CERT) developed the detection tool for the Conficker worm, also known as DownAdUP.

US-CERT director Mischel Kwon said that while tools have existed for individual users, this is the only free tool "” and the most comprehensive one "” available for enterprises like federal and state government and private sector networks to determine the extent to which their systems are infected by this worm.

Kwon said experts at US-CERT are working around the clock to increase their capabilities to address the cyber risk to our nation's critical networks and systems.

The Conficker worm has likely infected a million computers running the Windows operating system.

Microsoft has even offered a 250,000-dollar bounty for those behind the Conficker.

Windows users are recommended to apply the Microsoft security patch MS08-067, which is designed to prevent an attacker from remotely taking control of an infected computer system and installing additional malicious software.

Hackers use such malware to steal data, generate spam attacks or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.

Computer security specialists said the worm is programmed to modify itself on Wednesday, April Fool's Day.

Experts who have been tracking the worm say Conficker is programmed to reach out to 250 websites daily to download commands from its masters.

However, on Wednesday it will begin connecting with 50,000 websites daily for further instructions.

But it seems that no specific orders have been given to the worm by hackers, so far.

Steve Trilling, vice president of security firm Symantec, told the CBS program "60 Minutes" in a story aired on Sunday, said the interesting thing about it was the worm was only being programmed to ask for further instructions.

Symantec has issued a free trial version of its products that will detect and remove the worm.


On the Net: