Sections

 

 
Newsletter
Email:

 
RESOURCE SITES






Home | Technology | NitroSecurity Releases Updates to Address Conficker Worm

NitroSecurity Releases Updates to Address Conficker Worm

Font size: Decrease font Enlarge font
GW_Staff 02 April, 2009 12:48:00

Portsmouth, NH (Gawkwire.com) NitroSecurity, Inc. today released additional signatures and updates to bolster protection against the growing threat of the Conficker worm. NitroSecurity utilizes IPS blocking technology, windows registry & log monitoring, and SIEM correlation features all as one integrated solution to detect and block the Conficker worm. The worm has been unusually difficult to counter because of its combined use of advanced malware techniques. Since Conficker was first discovered, NitroSecurity has released over fifty signature and policy updates to address worm variations and obfuscations.

NitroSecurity's approach provides tiered protection: first through a series of IPS signatures that can block new Conficker attacks; and then through a series of techniques to detect symptoms of a Conficker infection, including Windows registry changes, the shutdown of security services, and the creation of .dll files, all of which can be indicative of a Conficker infection. If a network is infected, NitroSecurity's Security Information & Event Management product, NitroView SIEM, combines Conficker-related actions from the IPS, information from relevant Windows logs, and system vulnerability information to easily manage the root cause, identify the vectors used to propagate the worm to other systems, and quickly identify any systems that are at risk.

"Especially in large networks, a layered approach to security is the best defense against worms such as conficker, which go to lengths to cover their tracks," said Michael Leland, NitroSecurity's Chief Technology Officer. "Stopping the threat outside of your network is ideal, but if it does get in, a comprehensive approach including log analysis and SIEM capabilities will help spot the worm, track it, and remove it." The solution, which correlates security data from multiple systems to detect and block complex attacks, was first used by NitroSecurity to successfully block DNS exploits that were announced last year at DefCon. "When threats become this sophisticated, point-defenses aren't enough; everything has to work together," Leland added.

The Conficker worm, which first surfaced in October 2008, targets Microsoft Windows operating systems.




Comments (0 posted):

Post your comment comment
Please enter the code you see in the image:
  • email Email to a friend
  • print Print version
  • Plain text Plain text

 
Tags
No tags for this article

 
Rate this article
0

 
Featured author
Frank Feingold Frank Feingold is the resident IT guy for Ping! Zine and staff IT Editor. When he is not busy saving the servers from evil hackers, he can be found running his own shared hosting company Doreo.com. In his spare time he enjoys spending time with his family and shopping for new vehicles.]