Government Technology

New Tool Detects Conficker Worm on State and Local Computers



March 30, 2009 By

The Conficker worm, which has infected as many as 15 million computers according to some estimates, may do any number of things come Wednesday. Conficker-infected machines could be used for sending spam, logging keystrokes, or launching denial of service (DoS) attacks. But security experts are not predicting any widespread damage. The greatest impact they say the worm may have is to slow networks to a crawl as copies of the worm in infected machines search a list of 50,000 domain names for instructions indicating what to do next.

According to the United States Cyber Emergency Readiness Team (US-CERT) the worm can infect Microsoft Windows systems from thumb drives, network share drives, or directly across a corporate network if network servers are not protected by Microsoft's MS08-067 patch.

The US-CERT has developed a tool that can help state and local governments detect and remove the Conficker/Downadup worm from their computer systems. Developed by the United States Computer Emergency Readiness Team (US-CERT), the tool is available to state partners through the Government Forum of Incident Response and Security Teams (GFIRST) portal.

Experts briefed state and local CIOs and chief information security officers today, the the Department of Homeland Security said in a press release. "While tools have existed for individual users, this is the only free tool - and the most comprehensive one - available for enterprises like federal and state government ... to determine the extent to which their systems are infected by this worm," said Mischel Kwon, US-CERT director.

US-CERT recommends that Windows users apply Microsoft security patch MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx) as quickly as possible to help protect themselves from the worm. This security patch, released in October 2008, is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an infected system and install additional malicious software.

US-CERT advised home users that the presence of the worm may be detected if users are unable to connect to their security solution's Web site or if they are unable to download free detection/removal tools.

 

 


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
Best Practice Guide for Cloud and As-A-Service Procurements
While technology service options for government continue to evolve, procurement processes and policies have remained firmly rooted in practices that are no longer effective. This guide, built upon the collaborative work of state and local government and industry executives, outlines and explains the changes needed for more flexible and agile procurement processes.
View All

Featured Papers