|« New Conficker Variant? (WORM_DOWNAD.E)||Old News That's Still New - Discussing Teredo Security Implications »|
As everyone is well aware, conficker worm variants have been exploiting MS-08-067 since November 2008 (possibly earlier). Conficker continues to spread depite the fact that a patch has been out for this vulnerability since October of 2008. The latest "C" variant of Conficker is well written and includes protection against many security products and analysis tools. The following links contain useful information on the analysis and remediation of conficker worm variants.
For remediation and scanning tools, please see:
For a list of some of the 50,000+ domain names used by Conficker C, please see:
It is also worth noting that the CSA 6.0 Dynamic Signature Generation feature protects and distributes RPC signatures dynamically based upon locally quarantined payloads. CSA Dynamic Signatures, in addition to built-in buffer overflow protection, should prevent conficker infections on CSA hosts running Cisco default rules in protect mode. We hope to have a detailed write-up on Dynamic Signature Generation and Conficker in the coming days.