Qualys Adds Remote Detection of the Conficker Worm

New QualysGuard Detection Allows Organizations to Detect the Multiple Variants
of the Conficker Worm on their Global Networks
REDWOOD SHORES, Calif.--(Business Wire)--
Qualys, Inc., the leading provider of on demand IT security risk and compliance
management solutions, today announced that it added remote detection of the
Conficker Worm, which has been spreading in corporate networks since November of
2008. This detection was added to QualysGuard Vulnerability Management in order
to help organizations remotely identify the multiple variants of this worm and
control its spread within enterprise networks. 

Conficker is a worm that spreads by exploiting the Microsoft Windows Server
Service RPC Handling Remote Code Execution Vulnerability announced in October
2008. It can spread to corporate network shares that are not protected with
strong passwords and by infected USB sticks. Conficker creates a file that runs
automatically on all mapped drives which is executed when the drive is accessed
and then spreads to other drives connecting to an infected machine. Once a
system is infected, Conficker blocks all access to security-related Web sites,
preventing users from updating security software from those Web sites. 

Conficker leaves a fingerprint on infected machines that can be detected
remotely by using special RPC calls. The QualysGuard detection for Conficker is
in QID1227, categorized as urgent with severity level 5, and the detection
identifies all variants including Conficker.A, B, C or W32.Downadup.B.
Organizations are encouraged to scan their global networks in order to identify
infected systems, use Antivirus/Antispyware to remove the infection and then
apply the Microsoft Patch from Security Bulletin MS08-067. As of late January
2009, 30 percent of all Windows machines remained unpatched. 

"This new detection method allows IT administrators to remotely detect the
Conficker virus directly on the infected machines without needing credentials or
an agent installed. For many large enterprises, this represents an opportunity
to perform a quick and non-intrusive audit of their patching efforts," said
Wolfgang Kandek, CTO of Qualys, who participated in the multivendor initiative
over the weekend to implement this detection. "This security breakthrough will
help many organizations tame Conficker and stop it from spreading within their
networks. Special thanks to Dan Kaminsky and Rich Mogull for their efforts to
pull the community together on very short notice, and for helping us add this
detection within QualysGuard." 

About QualysGuard Vulnerability Management

QualysGuard is an on demand security audit service delivered over the Web that
enables organizations to effectively manage their vulnerabilities and maintain
control over their network security with centralized reports, verified remedies
and full remediation workflow capabilities with trouble tickets. QualysGuard
provides comprehensive reports on vulnerabilities including severity levels,
time to fix estimates and impact on business, plus trend analysis on security
issues. By continuously and proactively monitoring all network access points,
QualysGuard dramatically reduces security managers' time researching, scanning
and fixing network exposures and enables companies to eliminate network
vulnerabilities before they can be exploited. 

Access for QualysGuard customers: https://qualysguard.qualys.com

Free trial of QualysGuard: http://www.qualys.com/freetrial

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and
compliance management solutions - delivered as a service. Qualys`
Software-as-a-Service solutions are deployed in a matter of hours anywhere in
the world, providing customers an immediate and continuous view of their
security and compliance postures. 

The QualysGuard service is used today by more than 3,500 organizations in 85
countries, including 40 of the Fortune Global 100 and performs more than 200
million IP audits per year. Qualys has the largest vulnerability management
deployment in the world at a Fortune Global 50 company. 

Qualys has established strategic agreements with leading managed service
providers and consulting organizations including BT, Etisalat, Fujitsu, IBM,
I(TS)2, LAC, SecureWorks, Symantec, Tata Communications, TELUS and VeriSign. For
more information, please visit www.qualys.com. 

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys,
Inc. All other products or names may be trademarks of their respective
companies.



Schwartz Communications
Jason Morris or Jen Spark, 415-512-0770
qualys@schwartz-pr.com

Copyright Business Wire 2009