Deadly Conficker Detected by a Pakistani "zero-day" Anti-malware Product
Islamabad, January 20, 2009: A piece of computer malware known as
Kido, Conficker or Downadup has penetrated more than 3.9
million computer systems worldwide running Microsoft Windows.
The number also includes a major proportion of machines deployed
at the Ministry of Defence (MoD), UK. It first takes control of
an infected system by exploiting a vulnerability in Microsoft
Windows and then speedily replicates itself through the network
or flash drives.
A team of security researchers headed by Dr. Muddassar Farooq at
the Next Generation Intelligent Networks Research Center (nexGIN
RC), FAST National University Islamabad, Pakistan, has been
working on a next-generation anti-malware solution that has the
ability to detect a given piece of malware without any prior
information about it. Consequently, it successfully detects
"zero-day malware". The product prototype of the solution is expected to
be rolled out in the near future. The researchers collected samples
of Conficker from a well-known malware consultancy firm,
OffensiveComputing.Org (based in the US), and scanned them using
the developed prototype. Their solution not only detects
Conficker and its variants but also provides useful forensic
information about its functionality. The researchers believe that
this groundbreaking achievement is made possible by a novel
approach that--in contrast to the existing antivirus
products--does not require any signature updates. They envision
that the product, once fully developed, can realize the
"once-deployed-forever-protected" dream.
The ongoing project, titled ‘An
Artificial Immune System General purpose Intrusion Detection
System’, is fully funded by the National ICT R&D
Fund, Ministry of Information Technology, Pakistan.