Robert Westerfelt, Confliker, Downadup worm hype? Get the facts

There’s a new variant of the Conficker worm. It’s known as ‘Downadup.’ Microsoft issued a patch for the worm last October but it’s still spreading and mutating.

The worm, which some authorities say has been able to build the largest botnet on record,  works by exploiting a vulnerability in remote procedure calls that allows remote code to be executed once a vulnerable machine receives a specially crafted RPC request.  In plain English, this means that if an end user views a specially crafted Web page using Internet Explorer, his computer will request malicious code to be executed. Like many of its malicious predecessors, this worm denies infected machines Internet access to security vendor websites.

Microsoft added routines to clean up Conficker infections to the January edition of its Malicious Software Removal Tool.  Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. The National Cyber Alert System recommends that to prevent further infections by infected USB devices, users should disable the Windows auto-play feature.

Jamie Arnold, as quoted in SUNY’s Binghamton Monitors Network with Lancope’s StealthWatch  

I spent part of the morning reading about anomaly-based network monitoring. In October, IBM announced that they would no longer sell the IBM Proventia Network Anomaly Detection System (ADS). Stealthwatch seems to be getting a lot of buzz, especially with college campuses whose biggest threats probably come from right inside the network.