Security experts have discovered a security hole in the code of the Conficker worm. This discovery may be the light at the end of the tunnel for those who worry that Conficker.C may be a devastating and uncontrollable worm, infecting millions of computers all over the world. You may ask: what is this discovery, and how will it ease the worry about Conficker.C?
The new discovery, which could make it easier to isolate Conficker-infected systems, is not being heavily emphasized because it could give criminals a way to secretly hijack millions of computers. Security researchers, including the Conficker Cabal, a group of anti-worm researchers, are aware that disclosing too much information about lapses or vulnerabilities discovered in the Conficker code could give its creators or other hackers a new way to make Conficker, or a newer worm, even more devastating.
In the days to come, the Honeynet Project, a volunteer organization that tracks Internet attacks, will publish information about how the Conficker worm does not completely eliminate a known vulnerability or security hole. This security hole is what allows Conficker to be injected onto infected systems.
Another question that arises is whether Conficker will be able to update itself, which is what the Conficker Cabal has been attempting to prevent for some time now. With the new knowledge gained about Conficker.C, it is now known that Conficker will attempt to update itself on April 1st. But how do you really know which systems are infected with Conficker? Before the research that led to this discovery, it was believed that when Conficker infected a computer it patched the system, so you would not be able to tell which systems were infected.
A weakness in Conficker's patch for the Microsoft flaw gives network administrators an easier way to distinguish a Conficker-patched system from a host that is protected by Microsoft's official patch. This was explained by IOActive's director of penetration testing, Dan Kaminsky. Just recently, the Conficker Cabal worked with others to update software vulnerability scanning tools so that they can distinguish between Windows systems that have the official security patch and those that have the rogue one. As a result, new detection methods are available via free vulnerability scanners such as those from nCircle, McAfee, Qualys and Nmap.
This is an essential discovery that may help network administrators easily find out how infected their networks or systems are, so April 1st may not be a doom-and-gloom day for everyone.
Some may fear that relying on unofficial fixes or on the methods used by vulnerability scanners could give a false sense of security, and that administrators may let their guard down. We have yet to see the full ramifications of the Conficker.C infection, and the hackers who control Conficker-infected systems could counteract their initial actions through their botnets. Either way, we will have to wait until April 1st to get the complete run-down on Conficker.C and any malicious actions it will perform on systems that are already infected, which may already number in the millions.