eEye Digital Security (www.eeye.com) has developed a detection engine for Conficker (a breed of self-updating worms) that centers on running a network scan to find hosts infected with or vulnerable to Conficker.
eEye offers a free downloadable utility, built around the company’s Retina Network Security Scanner, that detects hosts that are compromised by this latest worm and malicious botnet or that do not have the MS08-067 patch applied. The vulnerability that patch addresses is the most effective propagation technique that Conficker uses.
The Conficker worm uses a variety of attack vectors to transmit and receive payloads, including software vulnerabilities (e.g. MS08-067), portable media devices (e.g. USB thumb drives and hard drives), and endpoint weaknesses (e.g. weak passwords on network-enabled systems).
eEye Digital Security’s Blink Endpoint Protection Platform can also effectively defend hosts, even if they are not patched, against the propagation of this worm by applying protocol-based IPS analyzers.
Blink can detect and stop the malicious traffic linked with MS08-067 and block the worm from spreading itself. For installations that are already infected, Blink’s multi-layer antivirus engine will remove the Conficker worm and provide protection until a permanent remediation is performed on the host.