11th-Hour Fix May Protect Huge Corporate Networks From Conficker Worm's Nastiness

Zero-hour approaches for the awakening of the Conficker megaworm. As we explained, Conficker can evade detection like none before it. But security experts have released a scanner that may save your IT professional's sanity tomorrow.

Security expert Dan Kaminsky, working with the Honeynet Project's Tillmann Werner and Felix Leder, have discovered an easier way to detect if a machine on a network is infected by Conflicker. Dan writes:

What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it's infected with Conficker, and it will tell you.

The code, just released today, is quickly finding its way into the scanners of all the major security software companies, and will hopefully prevent the worldwide holocaust/Russian Lolcat invasion tomorrow. We'll see! [Doxpara Research via Ars Technica]