Nyotron Claims Be Paranoid of Conficker

Reportedly, April Fool's Day will not be too amusing for millions of computer users, as the Conficker worm is anticipated to take full effect. The Conficker worm was released to the wild in October 2008. It targets Microsoft Windows machines specifically and its symptoms manifest as network congestion, account lockout policies being reset, disabled automatic updates and error reporting for Windows, slow domain controller response, and for added fun -- it blocks security-related sites.

The Conficker worm comes in two versions. Allegedly, it will affect more than 11 million computers. The third and newest version of it will present itself on April 1st. From this point, it will stop sitting idle in infected systems and launch its payload. It will connect from the affected computer to one of a few random domains to download a file, which will then execute the full attack upon its victim.

A home computer user will have an easier time clearing the worm out of their system by simply running their anti-virus software and downloading all current patches from Microsoft. Unfortunately, a network of users (such as a corporation or organization) will have a much more difficult experience. This is where more "industrial strength" solutions will be required, and supposedly leading the pack in this level of security technology is a product fittingly called Paranoid.

Nir Gaist, CTO Nyotron

Nyotron describes Paranoid as "a comprehensive security solution designed for monitoring system events on user end points and uses a pure heuristic behavior patterns based technology".  This system specializes in preventing Zero-day attacks, while simultaneously providing protection from exploits, malware, trojans, viruses, and worms. Though we've heard that Paranoid was the only security system that detected the previous variant of the Conficker, this previous worm is still not a good example of all that Paranoid can do. Apparently,a worm that randomly affects the security of a system is much easier to detect versus a targeted/Zero-day attack. Nevertheless, Nir Gaist, CTO and co-founder of Nyotron is taking the responsibility upon himself to find a solution to this threat, "because if something major happens from this worm, that's our problem," so he says.
 
Gaist says all other security systems are protecting organizations from the threats that are globally spread and randomly targeted. They don't, however, protect these networks from the directed threats. This is where Paranoid's technology holds a competitive advantage. Most security software technology is generally based on signatures. When downloading updates, you're downloading protections only for viruses that are known and have already attacked tens or hundreds of thousands of users. The chance that the individual end user will be one of those victims is actually small. Paranoid provides protection for networks that are at a high risk from an attack designed specifically against them with a unique signature.

Image, courtesy Nyotron Information Systems

Among Nyotron's customers are businesses in many sectors, Governmental, Financial, Healthcare, Education, National Security, Critical Networks, Communication, Infrastructure etc. As the Zero-day threat is becoming significantly intimidating to the enterprise network, Nyotron's solution is reportedly only real solution enabling network security administrator to "detect the undetected," claim the folks at Nyotron.

Image, courtesy Nyotron Information Systems

 

"No one yet knows what will happen on April 1st or after," Gaist says. "It also doesn't help to detect who is behind this worm, but clearly it took a large investment of time and money to start this."  There are speculations about this worm that range from it turning out to be a prank, a benign test of security systems, or even a way to eliminate pirated versions of the Windows OS (one cannot download patches for it without a valid license). Or, it may be just what it seems, a malignant attack to bring down networks worldwide. Obviously, that's a risk not many are willing to take, especially in the enterprise space.
 

Me thinks its more of a prank than anything....

Conficker has definitely been "marketed" well enough so the awareness is up but people are just now getting too scared to use their PCs which is taking it TOO far I think.

Actually I think the virus maker is brilliant. This has been available for years in many ways. This was also alluded to on a capability level last year at the blackhat conference. When, we were seeing things from the blackhat conference last year, and the availability of dropping monitoring software into photos on Myspace. I commented that that has been available for years and that I have seen it used as a monitoring device.

I will bet Conflicker is a monitoring device. Therefore it is not a virus as they state and it will not "infect" any computers with a debilitating virus. It will install monitoring software that is in many ways nothing but a modified key logger, It is just an automated one.

The brilliance of this is with the capabilities of a computer today, and the amount of power a device like this uses, it will never even be seen. However, it will record financial info on every computer that is used for financial transactions. Think of it this way would you be richer if someone gave you a million dollars a day, or if you earned 1-10 cents a day from every infected computer that transacted a financial transaction over the internet or financial network every day.

If it does it this way 99% of the people that have been infected and lose money will either never know or at least won't for quite some time. Meanwhile the person or group who made conflicker is making 10 cents on 1 percent of the world’s population every day. So say the world’s population is 3 billion (random number) divided by 1 percent. Even if it was .001 percent or another number, at least say 300 thousand transaction’s every day for a month times 10 cents roughly 90 million dollars a month.