InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘dns’

Much ado about Conficker

Posted by Jaime Raphael Licauco, CISSP, GSEC on March 31, 2009

There’s been much hullabaloo about the Conficker worm lately, especially since it’s supposed to phone home to around 500 servers (from a possible 50,000) this coming April 1st. So much so that even the New York Institute of Photography has sent an e-mail warning and telling photographers to back up their files just in case. Microsoft started a group called Conficker Cabal around mid last month that has unfortunately only had partial success, since on March 5th, around a fifth of infected machines updated themselves from variant B to variant C.

I doubt that typical users will get affected by it that much… BUT if you’re an Admin that wasn’t able to patch soon, then you may be in for a long day.

Researchers from the Honeynet Project have released a proof of concept (PoC) to detect the worm by using network scanners. The PoC code can be found at the Computer Science site of the University of Bonn.

Nmap has released 4.85 Beta 5 which contains the Conficker detection logic, and so have Qualys and nCircle.

You can also check out Dan Kaminsky’s personal blog for more info. By the way, his blog has a cool little tool that may detect if your DNS is vulnerable to what he discovered last year (check out this illustrated guide to the vulnerability).

Other Conficker News:
(Computerworld) Researchers exploit Conficker flaw to find infected PCs
(Security Focus) Researchers find way to detect Conficker
(The H Security) German researchers develop network scan for Conficker worm
(SC Magazine UK) Malware expert believes that Conficker author will create a new variant
(SC Magazine US) Conficker detection tool released as D-Day nears


Seminars and Conventions
ISACA Manila will be holding their annual conference with the theme, “IT Governance: Solving the Puzzle” this coming April 14 and 15 at the Renaissance Hotel, Makati City. The conference will have a plenary session on IT Governance topics such as IT Management, IT Security, IT Auditing and IT Risk Management. For more info, check out the ISACA Manila Conference Website, call the Secretariat at (+632) 894-2533, (+63919) 288-4410, or email them at secretariat@isaca-manila.org.


Advertisements

Posted in News, Philippines, seminars | Tagged: , , , , , , , , , , , , , | Leave a Comment »