
Mirage Networks battles Downadup worm

Over 10 million PCs now infected by insidious wiggler

By Aharon Etengoff in San Francisco @ Friday, January 30, 2009 9:43 AM

 
 

Mirage Networks has designed a solution that detects and isolates the rapidly spreading Downadup worm.

The insidious worm, also referred to as Conficker, is reportedly capable of infecting patched machines through USB drives or file shares. The program also blocks systems from accessing anti-virus sites to download critical updates.

"The worm's behaviour thus far leads us to believe that it is either a distraction to mask more nefarious malware, or it's lying dormant until some trigger causes it to unleash its potential," explained Grant Hartline, chief technical officer for Mirage Networks. "The worm has circumvented firewalls, anti-virus software and other traditional security measures. And while some NAC solutions can help ensure systems are patched prior to gaining network access, that clearly isn't enough in this case."

Mirage's NAC solution, which ensures endpoints have required operating system patches installed, finds the worm using advanced threat detection techniques. It then isolates infected machines, preventing the worm from propagating further to other systems on the network.

"Regardless of the worm authors' intent, this is definitely something you do not want on your network," said Hartline. "When systems are up to date on anti-virus, have OS patches in place specifically to address the flaw, and are still being infected, it's an eye-opener. This is a perfect example of why we remain focused on interior network security."

As IT Examiner previously reported, the stealth Downadup worm continues to infect millions of unpatched Windows machines at an alarming pace.

"Downadup is a really advanced worm - the likes of which we haven't seen in many years," Shavlik CTO Eric Schultze told IT Examiner. "Once a single machine is infected in a corporate environment, it can spread itself to all of the other corporate machines, whether they've been patched or not. Although some reports say the worm is a dud, I believe that it's simply 'sleeping' and may be woken up at a future date to execute some set of evil instructions," said Schultze.

Phillip Lieberman, CEO of Lieberman Software, blamed the spread of Downadup on the relatively slow adoption of Windows Vista.

"The core of the problem is centred on the massive number of home users and SMB that have no IT department and don't use the automatic update feature built into Windows. This outbreak is the proof point that home users must migrate to the more secure and better designed operating systems such as Microsoft Vista and Windows," added Lieberman.

Copyright 2009 - ITExaminer.com