A Plan to Catch the Conficker Worm

Continued from page 1

Bruce Schneier, chief security technology officer at BT Counterpane, says the new tool's ability to seek out the virus remotely should be useful, since it will let people scan a huge number of machines very quickly. This is important, Schneier says, because the worm is such a nasty pest. "Conficker is an extremely well-written, extremely well-designed, extremely well-executed worm," says Schneier. "It really is an impressive piece of work, and there's someone really smart behind it." But Schneier adds that it's important for computer users and administrators to protect their machines against a variety of malware, not just a single threat.

"If you've been running a good environment, you shouldn't be worried about this," says Rich Mogull, founder of the security-consulting company Securosis, who helped connect the Honeynet researchers and Kaminsky with network-security vendors over the weekend. Mogull notes that Microsoft has already released several patches that block the vulnerability that Conficker uses to infect a machine. However, he says that companies worried about Conficker should start scanning for it right away, after checking to see if their network-security tools have been updated.

Kurt Rohloff, a scientist who studies Internet worms at the research and development company BBN Technologies, says that the tool could prove useful, though he doubts that there's time to find and neutralize every computer infected with the worm. Rohloff says that the new scanner could be used to take preventive action by identifying infected hosts and removing them from the network, though he admits that this approach is "drastic, because you're removing connectivity."

Kaminsky notes that the tool is intended for organizations with large networks. For individuals, he says, the best approach is to make sure that the latest security updates are installed and up-to-date antivirus software is running. Since Conficker blocks a computer from accessing certain security websites, users could test for the worm by trying to visit those sites, Kaminsky says. Werner and Leder plan to release a paper within the next day, describing the technical details of their discovery.