Slashdot Mirror

← Back to Stories (view on slashdot.org)

Diagnose Conficker With Web-Based Eye Chart

Posted by timothy on from the smoke-test-sanity-check-trial-balloon dept.

thomsomc writes "Joe Stewart from the Conficker Working Group has created an eye chart that allows for online identification of Conficker B and C infections. Using basic knowledge of the blacklisting that Conficker employs to avoid attempting to infect IPs that belong to popular Anti-Virus and security firms (including Microsoft), the group whipped up this very simple test to see if you can load content from the various pages. If you can see all of the images, you're more than likely Conficker-free. According to Honeynet, 'This detection method should be more reliable than network scanning based tests. Happy scanning!'" Related: Tech Fragments notes in passing that nothing much seems to have come of conficker's dreaded April 1 deadline.

10 of 180 comments (clear)

  1. sweet by rbrausse · · Score: 5, Insightful

    a nice, easy, reliable way to detect a conficker infection.

    great!

  2. This is gonna cause mass hysteria.. by gsmalleus · · Score: 2, Insightful

    when the page gets slashdotted and doesn't load at all.

    1. Re:This is gonna cause mass hysteria.. by AlexCorn · · Score: 2, Insightful

      I think it's already there... I got it to actually load 1 out of 6 trys

      Well that's why it's slashdotted... people are loading it six times!

  3. Re:Jon Stewart? by Vu1turEMaN · · Score: 3, Insightful

    the question is: how many other topics can we find that are !jonstewart?

    answer: 99% of them wooooooooooooo

  4. Re:Mirror by Onymous+Coward · · Score: 4, Insightful

    Ha.

    Anyway, the page is a clever idea.

    Here's another interpretation to add to the list: Some of the sites that the page pulls images from are Slashdotted.

  5. Re:Jon Stewart by camperdave · · Score: 2, Insightful

    What's wrong with the italics tag?

    --
    When our name is on the back of your car, we're behind you all the way!
  6. Re:Jon Stewart? by Anonymous Coward · · Score: 1, Insightful

    Go read what redundant actually means - it does not necessarily mean repeated.

  7. Re:How long before they ruin this test by wytcld · · Score: 3, Insightful

    Not if they're blacklisting. Only if they're redirecting. And if they were redirecting they'd presumably already have fake site mirrors set up, including these images, so the test would have never worked.

    --
    "with their freedom lost all virtue lose" - Milton
  8. Interesting idea, but ... by Anonymous Coward · · Score: 1, Insightful

    What happens when those six sites see that they are getting leeched, and pull those images? Chaos ensues as man + dog believes themselves to be infected.

  9. Re:How long before... by moose_hp · · Score: 4, Insightful

    Then we (it's open source after all!) modify the test to use iframes (ewwww... but useful in this situations) to actually load the full pages, once Conficker gets updated so it allows the pages, we move to actually downloading the patches with a message like "if the file doesn't download, you're probably infected", by the time Conficker gets good enought to actually allow the patches but modifing them on the fly so they are not useful (just random noise with the same size and filename), then we're screwed.

    Maybe I shouldn't give them ideas. I bet the author of Confickr reads slashdot.

    --
    DON'T PANIC.