Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts tagged with Security Risks
Showing posts in English
khaley | 01 Apr 2009 | 0 comments

Conficker; there has probably never been a virus or worms with so much written about it.  And now that’s it’s April 1st and the world has not come to an end, many people are no doubt questioning whether Conficker was a bust and nothing we didn’t needed to worry about, if the threat itself was over hyped, and it all the electronic ink spilled about this threat was worth it.  I’ll give you my opinion, but first a status update of Conficker.

April 1st has come and as predicted machines infected with Downadup.C have switched to the new communication algorithm.  But when these infected machines are able to communicate back to a Command & Control server they are not getting updated with a malicious code payload.  In other words, no large or small, malicious attack has been unleashed by Conficker.

So is Conficker a bust for the bad guys?  No.  One thing we can tell about this worm is that whoever is behind...

khaley | 31 Mar 2009 | 22 comments
Interest in the Conficker (or Downadup) is reaching a frenzied peak.  As media interest in this worm continues to rise, customers are asking if Symantec is ready for Conficker. The answer is a resounding yes.  Symantec customers are already protected (as long as they are running the latest AV and IPS definitions). This article provides a short overview of Conficker (Downadup) and the protection offered by Symantec products.
Conficker first appeared in late 2008 as the first worm in the wild to leverage a newly reported vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) service (MS08-067).  Symantec named the worm Downadup, but over time the popular name for this threat has become Conficker.  Symantec customers were quickly protected from the vulnerability with newly released IPS and AV signatures. 
In late November,  a new variant...
Ben Nahorney | 31 Mar 2009 | 0 comments

How do you summarize the functionality of a threat like Downadup? It sounds like the sort of challenge taken up only by folks that can solve a Rubik’s Cube in 30 seconds or less. If someone asked me do so in a sentence, here’s how I’d do it:

“Yeah, right.”

Then again, I was that kid who solved his Rubik’s Cube with a screwdriver. Downadup isn’t one of those types of threats that lend themselves to an in-a-nutshell summary. It happens to be one of the most complex threats we’ve seen in the history of malicious code. Still, let’s give it another try:

“Downadup is a worm.”

True, but this glosses over so, so much. Third time’s the charm?

“Downadup is a worm that spreads by exploiting a vulnerability without DoSing the network with traffic (as well as removable and network drives, by bruteforcing network shares and utilizing P2P techniques), uses GeoIP data to determine...