Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

On April 1, a computer worm called Conficker, which has already infected millions of machines worldwide, is expected to do something bad, though no one knows exactly what. Some experts fear that an army of infected machines could be ordered to launch a coordinated attack or send out a barrage of spam. But a tool released today could help lessen the impact by allowing big companies and institutions to quickly weed out infected machines by scanning entire networks for signs of infection.

Analysis of the Conficker worm has previously revealed that infected computers will “phone home” on April 1 to receive a new set of instructions. It is already possible to detect the worm by scanning machines individually, but this is a relatively time-consuming process. It’s also possible to detect the bug by watching for outgoing communications sent across a network, but the latest version of Conficker is designed to stay silent until April 1.

Dan Kaminsky, director of penetration testing for the Seattle-based security company IOActive, helped create the new scanning tool and says that it can identify an infected machine by recognizing the way it presents itself to the wider network. This makes it quick and easy to scan for the worm remotely and does not require any special access to machines. “It’s like driving through a neighborhood looking for houses with big signs on their doors,” Kaminsky says.

The tool was created after Tillmann Werner and Felix Leder, members of an independent research organization called the Honeynet Project, asked Kaminsky to review their research on Conficker. The pair had figured out that the worm changes the way a machine appears on a network. Kaminsky seized on this, suggesting that the researchers create a tool that uses this information to find infected machines. The researchers built such a tool and worked through the weekend to get it ready for broad distribution to suppliers of other security software. “Whatever vulnerability scanner a company is using, it should have support for this by the end of the day,” Kaminsky says.

4 comments. Share your thoughts »

Credit: Technology Review

Tagged: Computing, Web, security, Internet, networks, Internet worms

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me