The Conficker Virus.

Dominic J. Eidson sauron at
Tue Mar 31 20:43:19 UTC 2009

See for snort signatures for .a and .b 

  - d.

On Tue, 31 Mar 2009, Steven Fischer wrote:

> Is anyone aware of any network-based signatures that could be used to
> identify and tag IP traffic, for dropping at the ingress/egress points?
> On Tue, Mar 31, 2009 at 9:41 AM, JoeSox <joesox at> wrote:
>> I am uncertain also. I scan a subnet on my network with Axence
>> NetTools looking for 445 port and I receive some hits. I perform a
>> netstat -a on some of those results but don't really see any 445
>> activity.  The SCS script doesn't find anything either.  The PCs are
>> patched and virusscan updated. One PC when I connected to it did not
>> navigate to Windowsupdate website. I scheduled a Full McAfee scan as
>> their documentation suggests
>> (
>> ),
>> and sometime through the scan I was able to reach windowsupdate. I
>> don't know if it was a coincidence or not that I was not able to reach
>> the website.  I haven't looked into the registry and any other places
>> for evidence of Conficker. I will probably today but I am afraid it
>> may be a waste of time since they are already patched and updated.
>> --
>> Joe
>> On Tue, Mar 31, 2009 at 5:48 AM, Eric Tykwinski <eric-list at>
>> wrote:
>>> Joe,
>>> Here's the link for the Python Crypto toolkit:
>>> I scanned our internal network and didn't find anything, so I can't really
>>> vouch for its reliability though.

Dominic J. Eidson
                                      "Baruk Khazad! Khazad ai-menu!" - Gimli
