« previous next »
Pages: 1 [2]   Go Down

Author Topic: Try this easy conficker scan.....cfdetector!  (Read 12156 times)

0 Members and 2 Guests are viewing this topic.

Hard_ROCKER

  • Guest
Re: Try this easy conficker scan.....cfdetector!
« Reply #15 on: April 06, 2009, 05:55:39 PM »
I assume what this test does is it simply tries to access a few security vendors web sites and comes up with clean after it is successful or infected if it is unsuccessful at accessing them. Since Conficker worm blocks access to those sites, that is i suppose the easiest way to tell if a computer is infected with Conficker or not. The .A variant is a different story though and this test doesn't detect it.

http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/


Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33935
  • malware fighter
Re: Try this easy conficker scan.....cfdetector!
« Reply #16 on: April 06, 2009, 08:44:00 PM »
Hi Darth-Mikey,

Thank you for the exact summary of what this test does and does not, and how and why it works, could not have put it better. Now SRI also came up with a new Conficker scanner tool, get it here:
http://mtc.sri.com/Conficker/contrib/scanner.html
and the snort detection implementation here: http://mtc.sri.com/Conficker/contrib/plugin.html#example-code

polonus
« Last Edit: April 06, 2009, 09:54:11 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: 1 [2]   Go Up
« previous next »