For those of you who have not been paying a lot of attention to the network worm side of the house in the past year, one of the most sophisticated and successful Microsoft-based worms has been out in the wild for the past five months or so.
There is potentially a new twist in the story of this worm, which has taken over millions and millions of computers around the internet. Recently, the fruits of a rarely seen collaboration among infosec professionals around the world have been coming to light, as they race against the worm’s April 1st refresh date.
A lot of rumor has been circulating about the April 1 deadline, and really, it won’t be the end of the world. What it potentially does mean is a new round of infections and updates, and a potential mutation or evolution in the worm code that will undo some or all of the progress made so far. The next 48 hours are a chance to make up some ground on this runaway problem.
If you are in charge of systems or networks, or even just have a few Windows boxes at home that you are not sure about, take a few minutes to catch up on this story. Then use some of the (now) freely available tools to scan your network and see if you can spot this malware before it changes again, which is slated to happen on Wednesday of this week.
As always, scan (and do any other actions on your network) responsibly, and in accordance with the rules and regs that pertain to your network. If you are somewhere big, corporate, or federal, get your management involved and engaged, and mobilize to protect your resources.
note(ed): I think that between this and the response to Kaminsky’s “I broke the Internet” DNS bug last year, the information security community is starting to show a maturity and collaborative spirit that is crossing boundaries that previously impeded progress. While I don’t think that the incidents themselves are good innately, the collaboration that is springing from facing these adversities is excellent.
There are several posts and links from SANS ISC on the topic.
The Honeynet Project’s dedicated scanning script in Python.
And Dan Kaminsky was nice enough to wrap it into an .exe and give his latest two cents’ worth.