  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1078

Conficker IDP Signature

When browsing an IDP I have been monitoring, I did see several occurrences of Conficker. All going out to an external address on port 80. All the infections have been removed. Does anyone have a sample of what the packet would look like? I wanted to create some custom policies, but I am not sure what else to look for. If someone could provide more info on the signature, I would greatly appreciate it.
Asked:
nsx106052
3 Solutions
 
Asta Cu Commented:
Variants, but this gives a good overview: http://en.wikipedia.org/wiki/Conficker
 
0
 
Mohamed Osama, Senior IT Consultant, Commented:
This is the most extensive analysis I have seen of the worm's behaviour:
http://mtc.sri.com/Conficker/addendumC/
You will find samples of the network traffic as well as a semi-complete reverse-engineering write-up on the malware.
0
 
Rich Rumble, Security Samurai, Commented:
You can actually scan your LAN for it: http://www.doxpara.com/?p=1285
Here are some Snort Conficker sigs: http://honeynet.org/node/388
-rich
0
 
Michael-Best Commented:
Got CONFICKER Worm?
If YOU can't go here:
http://onecare.live.com/site/en-US/center/cleanup.htm
And run scans,
you Got Worm:Win32/Conficker.B
Microsoft is offering $250,000 to a (Worm:Win32/Conficker.B) FIX
Hope it's ME
0
 
Michael-Best Commented:
Run the: "FULL SERVICE SCAN"
http://onecare.live.com/site/en-us/default.htm
0
