Posts Tagged ‘Hype’

Risk, Group Think and the Conficker Worm

Thursday, March 26th, 2009

Verizon Business customers, and security professionals generally, should resist succumbing to a herd mentality and fear of the unknown surrounding the Conficker worm. In most respects, Conficker (a.k.a. Downadup or Kido) is just another piece of crimeware threatening Windows computers. The known risks it represents are minimal; so far, versions A and B simply spread and version C is presently dormant. They impact the integrity of infected systems but the costs are limited to disinfection. Our defenses are set and we are alert for significant changes in the risk environment if they come, but risk has changed little at this time regardless of the apparent desire of the technical press and the blogosphere to indicate otherwise.

Conficker is not generating spam revenue for the outlaws, nor is it exporting data from infected systems or performing any of the myriad other hostile activities that current crimeware usually exhibits. Infected systems are under the control of a criminal and could begin executing more criminal instructions. On April 1st, 2009, version C is expected to begin listening for instructions from its master(s) using a new Command and Control (C&C) method.


This blog post was written in seconds*

Monday, March 23rd, 2009

It was easy to find fault with the coverage and hacker worship that accompanied a recent exploit-writing contest held at a security conference, but it was tough to decide on a title for this post. A few came to mind, such as the following:

  • News flash: Computer users can hurt themselves!
  • Warning: Hackers can pwn boxes to which they have physical access!
  • Amazing! Computers can do things quickly!

Two individuals are receiving accolades because they wrote code that exploits a very old attack vector and received laptop computers as a reward. The code is new but the story is old.


Oh, what a pill!

Thursday, March 19th, 2009

So rumors abound that a paper and exploit code will be published today that use a vulnerability in a processor’s caching mechanism to install code that is being called “undetectable.”

If it appears that we’re obviously not stating names and vendors, you’re right, we aren’t. At the time of writing all we’ve seen is speculation.

But let’s just take one aspect of the current hoopla: “Can something be installed on your computer and become undetectable?”
