2010 set to become the year of internet caution

18 January 2010

Research just released by ESET claims to show that, whilst Conficker might have ended 2009 accounting for 9.85% of all malware, the next year or two will see an increasing emphasis on the isolation of infected systems until their owners take remedial action.

ESET says that, based on information from its ThreatNet operation, it expects ISPs to implement technologies to identify users who are infected with malware and take steps to block their Internet access until their machines are cleaned up.

ESET says it expects it will take a few years before this practice is the norm for ISPs, rather than the exception, but the prevalence of such practices will increase.

David Harley, ESET's director of malware intelligence, said he would expect Conficker infections to be in decline by now if people were taking commonsense precautions.

"The concept of the walled garden has been spoken about for some time, but following the success of projects such as those seen in Australia, we expect to see more ISPs adopt this approach in the near future, and that will reduce the impact of malware like Conficker", he said.

Conficker, he explained, is easy to diagnose, identify and remedy – both proactively and reactively.

In the 'walled garden' scenario, he said, a user's computer that has been recognised as exhibiting behaviour suggesting that it is infected with malware or has become part of a botnet is not allowed full access to the internet until the infection has been cleaned.

According to Harley, although this is a somewhat draconian measure, it does have merit in terms of the common good.

The downside, however, is that any false positives will be exceptionally annoying and troublesome for consumers and ISPs alike, as quarantine systems are fine-tuned and the kinks ironed out.

Harley went on to say that ESET's research team in San Diego has detailed Conficker issues steadily through 2009 and expects to continue to report on the worm in 2010.

 
