The Confiker Virus.

Tue Mar 31 13:33:41 UTC 2009

    0n Tue, Mar 31, 2009 at 09:22:32AM -0400, Steven M. Bellovin wrote: 

Honeynet Project has released Know Your Enemy:  Containing Conficker:

   Our "Know Your Enemy: Containing Conficker" whitepaper was released on March
   30th as a PDF only. You can download the full paper from the link below.

   Paper Abstract

   The Conficker worm has infected several million computers since it first started
   spreading in late 2008 but attempts to mitigate Conficker have not yet proved
   very successful. In this paper we present several potential methods to contain
   Conficker. The approaches presented take advantage of the way Conficker patches
   infected systems, which can be used to remotely detect a compromised system.
   Furthermore, we demonstrate various methods to detect and remove Conficker
   locally and a potential vaccination tool is presented. Finally, the domainname
   generation mechanism for all three Conficker variants is discussed in detail and
   an overview of the potential for upcoming domain collisions in version .C is
   provided. Tools for all the ideas presented here are freely available for
   download including source code.

   In addition, as a result of this paper and the hard work of Dan Kaminsky, most
   vulnerability scanning tools (including Nmap) should now have a plugin or
   signatures that allow you to remotely detect infected Conficker systems on your
   networks.  Finally, we would like to recognize and thank the tremendous help and
   input of the Conficker Working Group.

   Paper last updated March 30th 2009, 23:00 GMT (rev1)

   http://www.honeynet.org/files/KYE-Conficker.pdf

  -aW

IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914.  If you have received this email in error, you are requested to contact the sender and delete the email.