Solved

Conflicker IDP Signature

Posted on 2009-04-01
5
1,060 Views
Last Modified: 2013-11-29
When browsing an IDP I have been monitoring I did see several occurences of conflicker.  All going out to an external address on port 80.  All the infections have been removed.  Does anyone have a sample of what the packet would look like.  I wanted to create some custom policies but I am not sure what else to look for.  If someone could provide more info on the signature I would greatly appreciate it.  
0
Comment
Question by:nsx106052
5 Comments
 
LVL 27

Assisted Solution

by:Asta Cu
Asta Cu earned 50 total points
ID: 24042900
Variants, but his gives good overview http://en.wikipedia.org/wiki/Conficker
 
0
 
LVL 23

Accepted Solution

by:
Admin3k earned 100 total points
ID: 24044314
This is the most extensive analysis I have seen of the Worm's behaviour
http://mtc.sri.com/Conficker/addendumC/
you will find samples of the network traffic as well as a semi complete reverse engineering write up on the malware.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 24046084
You can actually scan your lan for it: http://www.doxpara.com/?p=1285
Here are some snort conficker sig's: http://honeynet.org/node/388
-rich
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24046997
Got CONLICKER Worm?
If YOU cant go here:
http://onecare.live.com/site/en-US/center/cleanup.htm
And run scans
you Got Worm:Win32/Conficker.B
Microsoft is offering $250,000 to a (Worm:Win32/Conficker.B) FIX
Hope its ME
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24047257
Run the: "FULL SERVICE SCAN"
http://onecare.live.com/site/en-us/default.htm
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question