Estimates peg 9-12 million computers already infected by earlier strains of Conficker

(Irvine, CA) March 31, 2009 — In response to Conficker, a breed of self-updating worms that is difficult to avoid, Researchers at eEye Digital Security (www.eeye.com) have devised a Conficker detection engine that centers on running a network scan to detect hosts compromised or vulnerable to Conficker. In a proactive measure to protect users, starting today, organizations can download from eEye a free utility that is built around the company’s Retina Network Security Scanner that will detect hosts that are compromised with this latest worm and malicious botnet or do not have MS08-067 applied, the most effective propagation technique that Conficker uses.


The Retina Utility from eEye can be downloaded at:
http://www.eeye.com/html/downloads/other/ConfickerScanner.html

The Conficker worm utilizes a variety of attack vectors to transmit and receive payloads, including: software vulnerabilities (e.g. MS08-067), portable media devices (e.g. USB thumb drives and hard drives), as well as leveraging endpoint weaknesses (e.g. weak passwords on network-enabled systems). The Conficker worm will also spawn remote access backdoors on the system and attempt to download additional malware to further infect the host.

“The Conficker worm represents predictions eEye has been making for years,” said eEye CEO Kamal Arafeh . “Blended threats can take advantage of a missing patch, propagate though a USB key, create a silent but crippling peer-to-peer network, and provide the stealthiest capabilities of a botnet using complex command and control methods. eEye Research has developed solutions to protect against these threats as monolithic entities and when combined, our solutions are very effective in identifying and stopping the propagation of blended threats such as Conficker.”

The Retina Network Security Scanner thwarts network exploits and data loss attacks by analyzing specific pieces of operating systems, applications, and policies. The tool identifies high-risk host components and determines how malware such as the forthcoming Conficker worm can potentially leverage systems for malicious activity due to missing patches, poor configurations, and vulnerabilities.

In addition to the detection of the Conficker worm, eEye Digital Security's Blink Endpoint Protection Platform can effectively protect hosts, even if they are not patched, from the propagation of this worm. Using protocol based IPS analyzers, Blink can detect and stop the malicious traffic associated with MS08-067 and block the worm from self propagating. For installations that are already infected, Blink's multi layer antivirus engine will remove the Conficker worm and provide protection until a permanent remediation is performed on the host.

System Requirements to download eEye Retina Utility for Conficker: