Solved

Conficker IDP Signature

Posted on 2009-04-01
Last Modified: 2013-11-29
When browsing an IDP I have been monitoring, I did see several occurrences of Conficker, all going out to an external address on port 80. All the infections have been removed. Does anyone have a sample of what the packet would look like? I wanted to create some custom policies, but I am not sure what else to look for. If someone could provide more info on the signature I would greatly appreciate it.
Question by:nsx106052
5 Comments
 

Assisted Solution

by:Asta Cu
Asta Cu earned 50 total points
Variants, but this gives a good overview: http://en.wikipedia.org/wiki/Conficker
 

Accepted Solution

by:
Admin3k earned 100 total points
This is the most extensive analysis I have seen of the worm's behaviour:
http://mtc.sri.com/Conficker/addendumC/
You will find samples of the network traffic as well as a semi-complete reverse engineering write-up on the malware.

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
You can actually scan your LAN for it: http://www.doxpara.com/?p=1285
Here are some Snort Conficker sigs: http://honeynet.org/node/388
-rich

Expert Comment

by:Michael-Best
Got the CONFICKER worm?
If YOU can't go here:
http://onecare.live.com/site/en-US/center/cleanup.htm
and run scans,
you've got Worm:Win32/Conficker.B.
Microsoft is offering $250,000 for a (Worm:Win32/Conficker.B) FIX.
Hope it's ME

Expert Comment

by:Michael-Best
Run the: "FULL SERVICE SCAN"
http://onecare.live.com/site/en-us/default.htm