Yesterday started great, the weather was excellent, looked like a continuation of a calm weekend – then Dan Kaminsky called…
Researchers in Germany had come up with a way to remotely detect the Conficker worm. His idea was to get that knowledge out to as many scanner vendors as possible and see if we could implement the check ASAP. This new detection method allows IT administrators to remotely detect the Conficker virus directly on the infected machines without needing credentials or an agent installed. For many large enterprises, this represents an opportunity to perform a quick and non-intrusive audit of their patching efforts. We quickly assembled a team to take a look at the code that Felix Leder and Tillman Werner from the University of Bonn had made available in Python and saw no problem in implementing the detection in the QualysGuard scanner. After finishing the development proof-of-concept, we started formalizing the project, creating the necessary branches in our source code system, checking in the new code and started a new build and acceptance testing cycle. Late on Sunday QA had a production grade package that could be used for basic functional testing and then put it through our nightly regression testing cycle. After reviewing the regression results earlier today we released the code to our production systems around 3PM PDT. Qualys press release.
Thanks to Rich Mogull and Dan Kaminsky for bringing this to us. Many Thanks also to Felix and Tillman, excellent work, looking forward to reading your paper on the subject when I regain my breath. Also, special thanks for David Watson and Jose Nasario who helped us by providing Conficker samples for testing.