Nyotron Claims: Be Paranoid of Conficker

Reportedly, April Fool's Day will not be too amusing for millions of computer users, as the Conficker worm is anticipated to take full effect. The Conficker worm was released to the wild in October 2008. It targets Microsoft Windows machines specifically and its symptoms manifest as network congestion, account lockout policies being reset, disabled automatic updates and error reporting for Windows, slow domain controller response, and for added fun -- it blocks security-related sites.

The Conficker worm comes in three versions. Allegedly, it will infect more than 11 million computers. The third version, Conficker.C will switch gears and start polling 50,000 domains on April 1st to pull down a payload that will be executed locally on the infected machine. The intent of the code is unknown at this point. Some experts claim it will connect with other infected computers to cause unnecessary traffic that slows down networks and congests the internet while others claim it may be profit motivated and install a fake virus scan utility that asks the end user to pay to remove malicious software.

A home computer user will have an easier time clearing the worm out of their system by simply running their anti-virus software and downloading all current patches from Microsoft. Unfortunately, a network of users (such as a corporation or organization) will have a much more difficult experience. This is where more "industrial strength" solutions will be required, and supposedly leading the pack in this level of security technology is a product fittingly called Paranoid.

Nir Gaist, CTO Nyotron
Nyotron describes Paranoid as "a comprehensive security solution designed for monitoring system events on user end points and uses a pure heuristic behavior patterns based technology".  This system specializes in preventing Zero-day attacks, while simultaneously providing protection from exploits, malware, trojans, viruses, and worms. Though we've heard that Paranoid was the only security system that detected the previous variant of the Conficker, this previous worm is still not a good example of all that Paranoid can do. Apparently,a worm that randomly affects the security of a system is much easier to detect versus a targeted/Zero-day attack. Nevertheless, Nir Gaist, CTO and co-founder of Nyotron is taking the responsibility upon himself to find a solution to this threat, "because if something major happens from this worm, that's our problem," so he says.
Gaist says all other security systems are protecting organizations from the threats that are globally spread and randomly targeted. They don't, however, protect these networks from the directed threats. This is where Paranoid's technology holds a competitive advantage. Most security software technology is generally based on signatures. When downloading updates, you're downloading protections only for viruses that are known and have already attacked tens or hundreds of thousands of users. The chance that the individual end user will be one of those victims is actually small. Paranoid provides protection for networks that are at a high risk from an attack designed specifically against them with a unique signature.

Image, courtesy Nyotron Information Systems

Among Nyotron's customers are businesses in many sectors, Governmental, Financial, Healthcare, Education, National Security, Critical Networks, Communication, Infrastructure etc. As the Zero-day threat is becoming significantly intimidating to the enterprise network, Nyotron's solution is reportedly only real solution enabling network security administrator to "detect the undetected," claim the folks at Nyotron.

Image, courtesy Nyotron Information Systems

"No one yet knows what will happen on April 1st or after," Gaist says. "It also doesn't help to detect who is behind this worm, but clearly it took a large investment of time and money to start this."  There are speculations about this worm that range from it turning out to be a prank, a benign test of security systems, or even a way to eliminate pirated versions of the Windows OS (one cannot download patches for it without a valid license). Or, it may be just what it seems, a malignant attack to bring down networks worldwide. Obviously, that's a risk not many are willing to take, especially in the enterprise space.