Lock and Code S1Ep2: On the challenges of managed service providers
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to two representatives from an Atlanta-based managed service provider—a manager of engineering services and a data center architect—about the daily challeng...
Infection Monkey v1.6 - An Automated Pentest Tool
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey i...
Primary Stuxnet Advisory
OVERVIEW: ICS-CERT has been actively investigating and reporting on the Stuxnet vulnerability. To date, ICS-CERT has released ICSA-10-201-01 - Malware Targeting Siemens Control Software including Updates B & C and ICSA-10-238-01 - Stuxnet Mitigations including Update B. Stuxnet uses four zero-day...
Spotlight on Malware DGA Communication Technique
Written by Avi Aminov and Or Katz. Overview: Imagine you are standing in the middle of a crowded train station and want to have a private conversation with an old friend. You've been waiting for the perfect time to contact him and get some advice on how to move forward with some important life...
More than one! Dell and a root certificate vulnerability be exploited by hackers-exploit-warning-the black bar safety net
This month 2 5, we discussed the Dell eDellRoot root certificate vulnerability. The same problem was exposed again today: on some Dell systems, a second self-signed root certificate, DSDTestProvider, was found, and it also comes with a private key. This morning, the micro-step online security analysis of clou...
Inside the Conficker-Infected Police Body Cameras
Rarely does one story run such a gamut of security threats, encapsulating in this case, Internet of Things risks, supply chain infiltration and some circa-2008 malware for good measure. But that’s what we have with this week’s saga of the body cameras, marketed for police use, that were shipped...
smb-vuln-conficker NSE Script
Detects Microsoft Windows systems infected by the Conficker worm. This check is dangerous and it may crash systems. Based loosely on the Simple Conficker Scanner, found here: -- This check was previously part of smb-check-vulns. Script Arguments smbdomain, smbhash, smbnoguest, smbpassword,...
Conficker Shellcode Remote Code Execution
Conficker is a computer worm that targets Windows users. Once resident, the worm has several mechanisms for pushing or pulling executable payloads over the network. These payloads are used by the worm to update to newer variants and to install additional malware...
Move Over Conficker, Web Threats are Top Enterprise Risk
Microsoft is ready to officially declare network worms passé for the enterprise. In its latest Security Intelligence Report, released Wednesday, Microsoft said that risks posed by Web-based threats to large, distributed network environments have surpassed malware such as Conficker. The report is...
Nmap NSE 6.01: smb-check-vulns
Checks for vulnerabilities: MS08-067, a Windows RPC vulnerability; Conficker, an infection by the Conficker worm; Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally found in Windows 2000; SMBv2 exploit CVE-2009-3103, Microsoft Security Advisory 975497; MS06-025, a Windows Ras RPC...
Nmap NSE 6.01: p2p-conficker
This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Nmap NSE 6.01: p2p-conficker
Checks if a host is infected with Conficker.C or higher, based on Conficker's peer to peer communication. When Conficker.C or higher infects a system, it opens four ports: two TCP and two UDP. The ports are random, but are seeded with the current week and the IP of the infected host. By determini...
Honeynet Project Launches 'Ghost' To Snare USB Malware
The Honeynet Project launched a new project Thursday that is designed to snare malware that spreads by infecting removable USB (universal serial bus) storage drives, citing the increased reliance of malicious programs on portable drives to move from computer to computer. The ghost-usb-honeypot uses...
Microsoft: Conficker Attacks Rebound
Old pieces of malware–especially successful ones–don’t really die. They typically will just sort of fade into the background as newer attacks come to the fore and grab the headlines. Such is the case for one of the more notorious headline-grabbing pieces of malware of all time: Conficker. Not onl...
Microsoft, Security Experts Warn 'Wormable' RDP Exploit Will Come Sooner Than Later
As a follow-up to its usual Patch Tuesday release this week, officials at Microsoft are warning users that an exploit against the recently disclosed Remote Desktop Protocol (RDP) vulnerability for Windows is likely to come in the next 30 days. According to a supplementary entry on its Security...
The Infections That Will Not Die: Conficker and AutoRun
One of the wonderful things about some pieces of malware is that, like that slightly dodgy uncle who never seems to have a job, they never really go away. They just sort of hang about in the background, waiting for the right time to hit you up for some spare cash or CPU cycles. It appears that th...
Conficker Worm in Hiding at an Australian Supermarket Chain
The once-prolific Conficker worm has turned up in the most unlikely of places: Australian discount supermarket, Aldi. The worm was discovered pre-installed on a four-in-one external hard-drive, DVD, USB, and card reader combination device. According to a warning from the Australian Computer...
AutoRun Infections Plummet Following Upgrade
A mid-February AutoRun update has had a dramatic effect on malware infection rates on the XP and Vista platforms, reducing infection rates using the AutoRun feature by as much as 68% across Windows platforms, according to Microsoft. Infections via the AutoRun feature in systems running Windows XP...
Nmap NSE net: p2p-conficker
This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mitigating and Taking Down Botnets
Researchers and law enforcement officials have been working on taking down and crippling various botnets such as Rustock, Storm, Conficker and others for years. It’s a complex problem, and in this video Ryan Naraine talks with Kaspersky Lab malware researcher Tillmann Werner about the Conficker...