Slashdot Mirror


Diagnose Conficker With Web-Based Eye Chart

thomsomc writes "Joe Stewart from the Conficker Working Group has created an eye chart that allows for online identification of Conficker B and C infections. Using basic knowledge of the blacklisting that Conficker employs to avoid attempting to infect IPs that belong to popular Anti-Virus and security firms (including Microsoft), the group whipped up this very simple test to see if you can load content from the various pages. If you can see all of the images, you're more than likely Conficker-free. According to Honeynet, 'This detection method should be more reliable than network scanning based tests. Happy scanning!'" Related: Tech Fragments notes in passing that nothing much seems to have come of Conficker's dreaded April 1 deadline.

9 of 180 comments

  1. Re:Jon Stewart? by piojo · · Score: 3, Informative

    How can the first post be modded Redundant when he says something that is not a meme or a common sentiment?

    --
    A cat can't teach a dog to bark.
  2. Re:Jon Stewart? by Spazztastic · · Score: 4, Informative

    How can the first post be modded Redundant when he says something that is not a meme or a common sentiment?

    Because someone with mod points is either trolling or doesn't understand the meaning of the word. Just another flaw in the system.

    --
    Posts not to be taken literally. Almost everything is sarcasm.
  3. Slashdotted scare by interkin3tic · · Score: 5, Informative

    Clicked on the link, page unavailable. A reload did work.

    Should be in the summary: If the page doesn't load at all, that doesn't mean you're infected, that means "Poor Internet connection?" If the page loads but some of the images don't, THAT is a positive.

    1. Re:Slashdotted scare by nwf · · Score: 2, Informative

      Same here. Reloading did work. Thankfully, I'm clean!

      --
      I don't know, but it works for me.
  4. Re:Jon Stewart by thedonger · · Score: 3, Informative

    And I sure am glad Taco et al chose to disable the italics tag

    Try the em tag.

    --
    Help fight poverty: Punch a poor person.
  5. Re:If Conficker was designed by a security guru... by Anonymous Coward · · Score: 5, Informative

    No, they didn't plan on misleading the public about April 1st. Even the real (not PR driven) security researchers didn't think anything bad would happen. The public and news sites were just using it as an excuse to make a fuss again.

    Conficker has already had a few of these dates, April 1st is just the date it starts actively looking for any future updates to the worm. As long as everything is going well so far, they won't update it.

  6. Re:sweet by Jamie's+Nightmare · · Score: 2, Informative

    The site is slow, but I found a copy here.

    I'm going to make my own page based on this idea because there was no reason to put the stupid Linux and BSD logos on the page. That's just being a douche bag.

    --
    "When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
  7. Re:sweet by imemyself · · Score: 4, Informative

    Assuming you don't use a transparent proxy, then you would still get false negatives. The "eye chart" test won't work with proxies, not because of caching, but because with a non-transparent proxy Conficker wouldn't see that your computers are actually communicating with the security people's IP ranges.

    --
    Every time you post an article on Slashdot, I kill a server. Think of the servers!
  8. Re:sweet by moose_hp · · Score: 5, Informative

    The reason there are logos there is to test that your browser can actually display images before you start panicking that you don't see the logos from the anti-virus. They are also good to compare download times in case that your Internet connection is just slow at that time.

    I copied the source code into an Apache server here, changed the logos on the lower row to point to images on the respective sites (instead of local images) and downloaded the "description" images. Works like a charm, we already found an infected laptop.

    --
    DON'T PANIC.
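
The interpretation rules discussed in this thread (control logos, missing security-vendor images, a page that fails to load at all), written out as an added example that is not part of any comment or of the original eye chart. All hostnames and function names are constructed placeholders.

```javascript
// Added example: interpretation logic for an "eye chart" style test.
// All hostnames are constructed placeholders, not the real chart's URLs.
const PROBES = [
  { name: "control-a", url: "https://control-a.example.invalid/logo.png", control: true },
  { name: "control-b", url: "https://control-b.example.invalid/logo.png", control: true },
  { name: "vendor-a", url: "https://vendor-a.example.invalid/logo.png", control: false },
  { name: "vendor-b", url: "https://vendor-b.example.invalid/logo.png", control: false },
];

// Browser only: resolve true if the image loads, false on error or timeout.
function probeImage(url, timeoutMs = 8000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    img.src = url + "?t=" + Date.now(); // cache-buster so a cached copy cannot mask a block
  });
}

// Pure decision function: results is [{ name, control, loaded }].
function classifyEyeChart(results) {
  const controls = results.filter((r) => r.control);
  const vendors = results.filter((r) => !r.control);
  const blocked = vendors.filter((r) => !r.loaded).map((r) => r.name);
  // No fully working control row: the browser or the connection is the
  // problem, so missing vendor images prove nothing.
  if (controls.length === 0 || controls.some((r) => !r.loaded)) {
    return { verdict: "inconclusive", blocked };
  }
  if (blocked.length === 0) return { verdict: "likely-clean", blocked };
  // Controls load but security sites do not: the pattern the chart looks for.
  return { verdict: "possible-infection", blocked };
}

// Browser only: run every probe, then classify.
async function runEyeChart(probes = PROBES) {
  const results = await Promise.all(
    probes.map(async (p) => ({ ...p, loaded: await probeImage(p.url) }))
  );
  return classifyEyeChart(results);
}
```

As noted in the proxy comment above, a result obtained through a non-transparent proxy says nothing about the client machine, because the client never connects to the vendor addresses itself.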