conficker

19 February 2014 at 9:35am
We've disabled our monitoring of netflow feeds for W32/Conficker/Downadup infections. Given the decreasing number of vulnerable systems, the wide awareness of this issue and the low threat posed by the malware, we've decided it was no longer worth the effort and resources to maintain a system that was generating a handful of alerts each day. Our reports of infections will continue, but they'll only be sourced from data sent to us by third parties such as Shadowserver.
Anonymous
From time to time Janet CSIRT may report activity to you that is related to the Conficker worm. Typically this is a record of traffic from an infected host to a Conficker sinkhole server. These sinkhole servers pretend to be part of the worm’s command and control infrastructure. The worm then attempts to load a web page on the sinkhole server that, were the server real, would contain instructions for the worm. Our reports typically look like this
Anonymous
The Conficker worm (also known as Downup, Downadup and Kido) is probably the most prevalent computer worm on Janet and the Internet at this time. Its success can be attributed to the number of different vectors it uses to infect machines:
Anonymous
Janet CSIRT routinely processes netflow data to detect signs of Conficker infections on Janet.