New method to detect Conficker

Hours before it’s set to become active, IT experts have discovered a new way to detect Conficker on a networked computer.

“What we’ve found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it’s infected with Conficker, and it will tell you…We figured this out on Friday, and got code put together for Monday. It’s been one heck of a weekend.” says security researcher Dan Kaminsky.

Microsoft issued a patch to fix the vulnerability last October but millions of millions of computers that are running pirated versions of Windows have been left  unpatched. Computers on corporate networks are also thought to be vulnerable, because it can be difficult for system administrators to identify and neutralize the Conficker worm.

It is important to note the scanner does not actually remove the worm, it simply makes it easier to map where Conficker starts and where it tries to go. Full details about the scanner are expected to be released soon.

[Via ars technica]