The Worldwide Malware Counter, Gumblar, and Conficker

As we near the holiday weekend, allow me to do some quick hits on some topics of interest:

  • Reaction to the Worldwide Malware Counter, launched by CEO John Prisco in his Tuesday blog post, has been exciting to say the least.  The activity to our web site has significantly spiked as people are coming to have a look.  We have gotten some interesting emails and comments, which is the most gratifying result as we had hoped to start an open debate.  I have also received some suggestions on how to enhance the counter, so stay tuned. 
  • The Gumblar attack, which loads Google searches with malicious links, has spread to over 3,000 servers and is characterized by another only-in-IT-security term: a drive-by download.  When such an attack comes out, we always get asked if we would have seen it.  Our technical people assure me we would see the malware when it hit either an endpoint machine or server.  Furthermore, when Triumfant synthesizes the situational remediation for the attack, it would find all of the backdoors that Gumblar creates to survive.  This is why the fact that we see all of the changes in the machine is so critical – we can remediate all of the primary and secondary aspects of an attack and bring it to a halt.  I read one AV company’s blog about Gumblar and they noted that their AV software detects “some of the malicious code and malware” and likened the process of stopping Gumblar to “wac a mole”.  I am sorry, if I am a customer I would want to know if terms like “some” and “wac a mole” are good enough when it comes to protecting my data and my public perception.  This is why we created the counter to point out that signature-based tools are no longer a sustainable protection.
  • I see that my old friend Conficker is still at large and infecting 50,000 computers a day.  This attack is 6+ months old and out in the open and still infecting 50,000 computers a day! Maybe we should start a Conficker counter.  I think we should have called it the Cher worm – it never goes away. Anna Kournikova got a virus named after her, why not Cher?

That is all for now. Time to start thinking about the BBQ plans for the long weekend.
