Taming Conficker, the Easy Way

Dan Kaminsky writes "We may not know what the Conficker authors have in store for us on April 1st, but I doubt many network administrators want to find out. Maybe they don't have to: I've been working with the Honeynet Project'sTillmann Werner and Felix Leder, who have been digging into Conficker's profile on the network. What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it's infected with Conficker, and it will give you an honest answer. Tillmann and Felix have their own proof of concept scanner, and with the help of Securosis' Rich Mogull and the multivendor Conficker Working Group, enterprise-class scanners should already be out from Tenable (Nessus), McAfee/Foundstone, nmap, ncircle, and Qualys. We figured this out on Friday, and got code put together for Monday. It's been one heck of a weekend."

Re:i find it so hard

Hi, I'm the author of Conficker and the payload is to get a first post on slashdot. Get ready assholes.

Am i doing it wrong?

[arndawg]

"You can literally ask a server if it's infected with Conficker, and it will give you an honest answer." I asked and got no answer? Is there a specific language? I tried both english and norwegian.

Re:Am i doing it wrong?

[Yosho]

So how do you use a mouse with a Scottish accent?

Well, first, you've got to get it drunk...

Potential problem

[Shrike82]

We figured this out on Friday, and got code put together for Monday.

And with the ability to be remotely updated, Conficker will be immune to this by Tuesday.

Re:Wow!

[Pvt_Ryan]

I use Antivirus360 on my network, my last scanner was shit, the Antivirus360 free trial found loads of infections my other scanner missed..

Re:i find it so hard

[emocomputerjock]

All that will be left is a box in Madagascar with it's ports closed.