DHS releases its Conficker tool...for the public sector
By Scott M. Fulton, III | Published March 31, 2009, 12:22 PM
In the wake of yesterday's discovery that the Conficker worm can give hints to its presence on a system in a Windows-based network by changing the network signature of that system, the US Dept. of Homeland Security released what the chief of its US-CERT division says is "the most comprehensive [tool] available for enterprises like federal and state government and private sector networks to determine the extent to which their systems are infected by this worm."
But its use, says a DHS statement published yesterday, is limited to computers -- including network infrastructure systems -- operated by the federal government and its private sector partners. For that reason, DHS says, it's distributing this detection tool only through its secured channels. Specifically, government sources may acquire the tool through the Government Forum of Incident Response and Security Teams (GFIRST) portal; and private sector partners may contact their designated Information Sharing and Analysis Center (ISAC).
For the rest of America, DHS suggests a simple test to see whether a system is infected, though its description may not exactly fill folks with confidence: "The presence of an infection may be detected if users are unable to connect to their security solution Web site or if they are unable to download free detection/removal tools."
In other words, if people are having a hard time finding their detection tool, that could be a sign. Compounding the problem -- especially for novices to computing -- is the fact that Microsoft's Malicious Software Removal Tool (MSRT) isn't something that presents itself in an obvious location for Windows users. In fact, some users (myself included) often resort to simply downloading the latest version rather than hunt down the executable, simply because installing it triggers it to run.
Ordinary citizens are advised to refer to Microsoft's own information on the subject, which includes how to retrofit oneself with the latest MSRT. That edition was published on March 10 (last Patch Tuesday), and does include Conficker's four known variants among the signatures it scans for.
But for novice users who may be taking the government's notice too literally, believing that because they can't find the MSRT, they may be infected, the news from Microsoft doesn't sound all that comforting either. At one point in the company's Conficker information page, it suggests that if you can't find MSRT, you actually shouldn't use it: "If you can't access those tools, try using the Windows Live OneCare Safety Scanner."
While all this is going on, regular press sources have been misinterpreting the DHS statement to make it appear that the agency has released its detection tool through Microsoft, and other sources drew the conclusion that the DHS tool was publicly available. Perhaps modern worms don't really need binary payloads to be effective these days.
well, it's april 1st, 2009 and seems the virus proved to be nothing more than an itty bitty fizzle with loads of hype.
unfortunately, homeland security showed us their true nature - self serving.
Score: 1
|A software tool from the Department of Homeland Security?
Sounds like a trap.
Score: 0
|Symptoms of the Conficker Virus:
Account lockout policies being reset automatically.
Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services disabled.
Domain controllers responding slowly to client requests.
Unusual amounts of traffic on local area networks.
Websites related to antivirus software becoming inaccessible.
Score: 0
|Why wouldn't it be available to the public?
Score: 0
|They won't release it to the public for fear that the conficker programmers will get their hands on it and modify the code to get around it.
Score: 0
|That's probably pretty true dude... can't blame 'em if so
Score: 0
|How safe is this DHS stuff? Is it a ruse to plant a big brother trojan on people's computers?
Score: -1
|they aren't giving out any tools for you and me...
Score: 0
|Confinker!! *runs around the room in circles screaming... wahhhhhhh
Score: 1
|funny.
homeland security was created to protect us, the citizens from attack.
seems they have their own agenda and priorities now, leaving the rest of us at the will of fate.
poetic justice would be for homeland security to suffer with a Katrina Virus.
then maybe the private sector will come to their rescue in four or five days.
Score: -1
|It is very easy to find the MSRT.
Click Start, Run, type MRT, hit enter.
Jon
Score: 0
|Well, sure, for people who know about the command line. But let's be honest: How many folks use that as often as once a month, if ever?
-SF3
Score: 0
|Commandline!?
Gee, that was the feature that makes Windows so superior to Mac!
Oh wait, that was 15 years ago...
Score: -2