Solved

Conflicker IDP Signature

Posted on 2009-04-01
5
1,066 Views
Last Modified: 2013-11-29
When browsing an IDP I have been monitoring I did see several occurences of conflicker.  All going out to an external address on port 80.  All the infections have been removed.  Does anyone have a sample of what the packet would look like.  I wanted to create some custom policies but I am not sure what else to look for.  If someone could provide more info on the signature I would greatly appreciate it.  
0
Comment
Question by:nsx106052
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 27

Assisted Solution

by:Asta Cu
Asta Cu earned 50 total points
ID: 24042900
Variants, but his gives good overview http://en.wikipedia.org/wiki/Conficker
 
0
 
LVL 23

Accepted Solution

by:
Mohamed Osama earned 100 total points
ID: 24044314
This is the most extensive analysis I have seen of the Worm's behaviour
http://mtc.sri.com/Conficker/addendumC/
you will find samples of the network traffic as well as a semi complete reverse engineering write up on the malware.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 24046084
You can actually scan your lan for it: http://www.doxpara.com/?p=1285
Here are some snort conficker sig's: http://honeynet.org/node/388
-rich
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24046997
Got CONLICKER Worm?
If YOU cant go here:
http://onecare.live.com/site/en-US/center/cleanup.htm
And run scans
you Got Worm:Win32/Conficker.B
Microsoft is offering $250,000 to a (Worm:Win32/Conficker.B) FIX
Hope its ME
0
 
LVL 34

Expert Comment

by:Michael-Best
ID: 24047257
Run the: "FULL SERVICE SCAN"
http://onecare.live.com/site/en-us/default.htm
0

Featured Post

Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RDP to Windows Server 2012 R2 after disabling TLS 1.0 7 163
How do I restrict certain programs? 9 79
Multi Factor Authentication for MSPs 4 38
Wannacry 44 108
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question