eEye Offers Free Utility to Detect Conficker Worm and MS08-067 Patch
Estimates peg 9-12 million computers already infected by earlier strains of Conficker
(Irvine, CA) March 31, 2009 - In response to Conficker, a breed of self-updating worms that is difficult to avoid, researchers at eEye Digital Security (www.eeye.com) have devised a Conficker detection engine that centers on running a network scan to detect hosts compromised by or vulnerable to Conficker. In a proactive measure to protect users, starting today, organizations can download from eEye a free utility built around the company's Retina Network Security Scanner. The utility detects hosts that are compromised by this latest worm and malicious botnet, or that do not have the MS08-067 patch applied; exploiting MS08-067 is the most effective propagation technique that Conficker uses.
The Retina Utility from eEye can be downloaded at:
http://www.eeye.com/html/downloads/other/ConfickerScanner.html
The Conficker worm uses a variety of attack vectors to transmit and receive payloads, including software vulnerabilities (e.g. MS08-067), portable media devices (e.g. USB thumb drives and hard drives), and endpoint weaknesses (e.g. weak passwords on network-enabled systems). The worm also spawns remote access backdoors on the system and attempts to download additional malware to further infect the host.
"The Conficker worm represents predictions eEye has been making for years," said eEye CEO Kamal Arafeh. "Blended threats can take advantage of a missing patch, propagate through a USB key, create a silent but crippling peer-to-peer network, and provide the stealthiest capabilities of a botnet using complex command and control methods. eEye Research has developed solutions to protect against these threats as monolithic entities, and when combined, our solutions are very effective in identifying and stopping the propagation of blended threats such as Conficker."
The Retina Network Security Scanner thwarts network exploits and data loss attacks by analyzing specific pieces of operating systems, applications, and policies. The tool identifies high-risk host components and determines how malware such as the forthcoming Conficker worm can potentially leverage systems for malicious activity due to missing patches, poor configurations, and vulnerabilities.
In addition to the detection of the Conficker worm, eEye Digital Security's Blink Endpoint Protection Platform can effectively protect hosts, even if they are not patched, from the propagation of this worm. Using protocol-based IPS analyzers, Blink can detect and stop the malicious traffic associated with MS08-067 and block the worm from self-propagating. For installations that are already infected, Blink's multi-layer antivirus engine will remove the Conficker worm and provide protection until a permanent remediation is performed on the host.
System Requirements to download eEye Retina Utility for Conficker:
Related Links & Resources:
The HoneyNet Project:
http://www.honeynet.org/papers/conficker/
Felix Leder and Tillmann Werner Analysis:
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker
Microsoft Advisory - 967940
http://www.microsoft.com/technet/security/advisory/967940.mspx
Microsoft Malware Protection Center:
Microsoft Security Bulletin MS08-067:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
SANS - Internet Storm Center:
http://isc.sans.org/diary.html?storyid=5860
Shadowserver Foundation:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090212
About eEye Digital Security
eEye Digital Security® is pioneering a new class of security products: integrated threat management. This next generation of security detects vulnerabilities and threats, prevents intrusions, and protects all of an enterprise's key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility. eEye's research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit www.eeye.com
Victor Cruz
MediaPR
(401) 808-6264
EMEA Agency Contact
Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66
r.kloewer@interface.pr.de
Stacy Newman
eEye Digital Security
(949) 333-1913
News Source : eEye Offers Free Utility to Detect Conficker Worm and MS08-067 Patch
