Experts brace for possible computer worm attack
Facebook Twitter google+ RSS Feed

Experts brace for possible computer worm attack

Tuesday, 31 March 2009, 11:15 Hrs   |    3 Comments
Printer Print Email Email
San Francisco: Government and private security teams are in a rush to gear up for a possible attack by a computer worm that threatens to carry on disruptive activities April 1.

The Conficker worm, also known as Downadup or Kido, first appeared last November and is estimated to have infected millions of computers worldwide.

By exploiting a vulnerability in Microsoft's Windows operating system, the worm can infect users' computers and spread to other computers across a network automatically, without human interaction.

Computer security experts believed that a new variant of Conficker, which surfaced this year, could contact 500 of 50,000 randomly generated domain names April 1 to receive updated copies or other malicious commands.

A domain name is the address of a website that can help connect computers on the Internet. Previous Conficker variants were written to connect to 250 domain names.

The US Department of Homeland Security (DHS) Monday released a tool that can detect whether a computer is infected by the worm.

The tool can be used by federal government, commercial vendors, state and local governments, and critical infrastructure owners as well as operators to scan their networks for the Conficker worm, the DHS said in a statement.

A team of researchers from the Honeynet Project, an international non-profit Internet security research organisation, also announced Monday that they have discovered a flaw in Conficker which makes it much easier for users to detect infected computers.

After finding the flaw last Friday, the researchers quickly developed a new scanning tool for detecting Conficker over the weekend and is making it publicly available ahead of the worm's scheduled activation date.

"What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly," Dan Kaminsky, one of the researchers, wrote on his blog.

"You can literally ask a server if it's infected with Conficker, and it will tell you," he added.

Meanwhile, in a move to calm the computer users, security experts are playing down the havoc that Conficker may cause.

The worm is going to change its operation a bit, but it is unlikely to cause anything visible April 1, Mikko Hypponen, chief research officer of computer security company F-Secure, said in a posting on the company's blog.

"Although we don't think anything will happen on this particular date, Conficker is nothing to laugh about. The gang behind this is serious and we should not underestimate them," he noted.

"The general public should not be alarmed, but should, as always, exercise caution and implement security best practices into their daily computing routines," Vincent Weafer, an expert of computer security company Symantec, said in a statement.
Source: IANS
Experts on SiliconIndia
Santhosh  K
Sr. Soft. Engg.
Oracle India
Nehal Vyas
Sr. Team Lead
Cyberoam Tech.
Rani Malli
Sr. Director
Philips
Sr. Executive
ISB
Vijay Balkrishna Konduskar
Business Consultant
Imans Web Tech
Dr L P  Sharma
Technical Director
NIC
Reena Khanna
Founder
Solitaireworld
Dellas  Asse
sys-network admin
Computer Station
Write your comment now
Submit Reset
Reader's comments(3)
1: It is difficult for general public to detect and exercise caution for this type of sudden infection of computer by worm. It is always better if the operators take the caution by scanning the network for any type of infection on any computer.
Posted by:Prakash Kumar Rath - 31 Mar, 2009
2:
Whose Terrible,east quarter earth operate hall up up competition unlikely breath favour speed appearance sing concerned friend place prospect limited ordinary easily drawing love duty campaign half belief natural call available increase invite like work impact tell catch threaten necessary background might chief protection set attempt both establish notice realise set combination south shout value temperature any library appearance today woman pupil latter prepare series past lip date beat amongst function appearance fast opposition refuse damage later similar those act spot demand incident plus island morning option design change extent find national individual see sound yourself identify
hotel Türkei Replied to: Prakash - 30 Jan, 2010
3: Whose Terrible,east quarter earth operate hall up up competition unlikely breath favour speed appearance sing concerned friend place prospect limited ordinary easily drawing love duty campaign half belief natural call available increase invite like work impact tell catch threaten necessary background might chief protection set attempt both establish notice realise set combination south shout value temperature any library appearance today woman pupil latter prepare series past lip date beat amongst function appearance fast opposition refuse damage later similar those act spot demand incident plus island morning option design change extent find national individual see sound yourself identify
Posted by:hotel Türkei - 30 Jan, 2010