Zscaler Provides Proactive Protection from Conficker/Downadup Worm

Santa Clara, California, January 19, 2009

Zscaler, the industry-first, multi-tenant SaaS security service, announced today that it has deployed proactive protections to combat the rapidly spreading Conficker (aka Downadup) worm. A recent variant of the Conficker worm has spread rapidly over the past week, infecting millions of computers worldwide.

Despite patches having been available from Microsoft since October 2008 for the primary attack vector, Conficker propagates in multiple ways by additionally identifying vulnerable machines through open network shares, weak passwords and connected removable storage devices. Lack of inspection of Internet-bound botnet command and control traffic, poor patch management and ineffective anti-virus signatures has all contributed to the spread of the worm.

“Conficker has succeeded in rapidly propagating due to poor enterprise security controls and the intelligent design of the worm itself,” according to Michael Sutton, VP, Security Research. “Beyond attacking other vulnerable computers, infected machines are also connecting back to command and control servers, creating a powerful botnet army for those responsible for this attack.”

Conficker’s “phone home” feature enables it to receive further orders to wreak havoc. The orders could be to download malicious code from random drop points which are frequently changing.

“As an in-the-cloud security provider, by inspecting all web traffic, Zscaler can identify and block web related activity of the Conficker worm hence protecting Zscaler clients globally with no additional effort required on their part,” said Jay Chaudhry, Zscaler's CEO. “The Zscaler security service not only prevents further propagation of Conficker but also empowers enterprises to identify machines infested with bots on their network.”

About Zscaler

Zscaler is revolutionizing Internet security with the industry’s first Security as a Service platform. As the most innovative firm in the $35 billion security market, Zscaler is used by more than 5,000 leading organizations, including 50 of the Fortune 500. Zscaler ensures that more than 15 million users worldwide are protected against cyber attacks and data breaches while staying fully compliant with corporate and regulatory policies.

Zscaler is a Gartner Magic Quadrant leader for Secure Web Gateways and delivers a safe and productive Internet experience for every user, from any device and from any location — 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the internet backbone, operating in more than 100 data centers around the world and enabling organizations to fully leverage the promise of cloud and mobile computing with unparalleled and uncompromising protection and performance. Zscaler delivers unified, carrier-grade internet security, next generation firewall, web security, sandboxing/advanced persistent threat (APT) protection, data loss prevention, SSL inspection, traffic shaping, policy management and threat intelligence—all without the need for on-premise hardware, appliances or software. To learn more, visit us at www.zscaler.com.

Additional Resources:

Media Contacts:

Whitney Black 
Director of Communications