Flaw in Conficker Worm May Aid Cleanup Effort
Brian Krebs writes on Security Fix:
Experts have discovered a security hole in the computer code that powers the Conficker worm, an aggressive contagion that has spread to more than 12 million Microsoft Windows systems worldwide. The security community is treading lightly with this news, because while the discovery could make it easier to isolate infected systems, it could also give criminals a way to quietly hijack millions of systems.
Conficker spreads mostly by exploiting a security vulnerability in Microsoft Windows systems, one that the software giant issued a patch to fix last October - just days before the first version of Conficker struck. Experts have known for some time now that Conficker applies its own version of that patch shortly after infecting a host system. This tactic not only prevents other malicious software from infiltrating the host via that vulnerability, but it also makes it difficult to for system administrators to find potentially infected systems simply by scanning their networks for PCs that are missing that critical software update.
But according to research to be published later this week by the Honeynet Project, a volunteer organization that tracks Internet attacks, the Conficker worm doesn't completely close the hole that allows it to wiggle into infected systems in the first place.