Conficker C

valkyrie (Member, Jan 2006, 360)
#16 Re: Conficker C

Originally posted by streaker69
So what are my fellow BoFH's going to be doing before April 1st to prepare for this?

Should we warn our users ahead of time that internet access may be limited during that time frame?

Someone posted this on another forum:

http://www.bothunter.net/

I haven't had a chance to use it yet, but it seems like it might be a good way to track down if you have any machines that are currently infected.

Thanks for this post, streaker. I will yank it and test it. I have a smallish client who is dependent on their internet access, so this may be helpful. Oh! And thanks for the compendium. I am about half way through it. :-)

Regards,

valkyrie
__________________________________________
sapere aude


g3k_ (General rogue, Jan 2009, 358)
#17 Re: Conficker C

Originally posted by streaker69
So what are my fellow BoFH's going to be doing before April 1st to prepare for this?

Should we warn our users ahead of time that internet access may be limited during that time frame?

Someone posted this on another forum:

http://www.bothunter.net/

I haven't had a chance to use it yet, but it seems like it might be a good way to track down if you have any machines that are currently infected.

Thanks for the link! We don't plan on telling our users anything about April 1st :3 That's how bastardy we are :P
"As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."


bjaming (Registered Luser, Feb 2009, 185)
#18 Re: Conficker C

I'm sure you are already aware, but there are a couple of other ways to find Conficker and/or test the vulnerability against your internal systems:

http://iv.cs.uni-bonn.de/wg/cs/appli...ning-conficker

and using nmap:

http://www.skullsecurity.org/blog/?p=209
Network Jesus died for your SYN


g3k_ (General rogue, Jan 2009, 358)
#19 Re: Conficker C

Mr Kaminsky made a post that hit Slashdot earlier today. He's compiled some python tools that were written by him, Tillmann Werner and Felix Leder. (if you read this Dan, mad props :3)
http://www.doxpara.com/?p=1291
http://www.doxpara.com/?p=1285

I haven't had a chance to test these as a server got hosed over the weekend, but when I was doing some mucking around on our DC, I noticed that Conficker was trying to infect it, so something on our network is infected. I'll probably get to using these tonight or tomorrow and I'll post my results for anyone that is interested :x
Last edited by g3k_; March 30, 2009, 12:55. Reason: gave credit to werner and leder, also corrected spelling
"As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."


bjaming (Registered Luser, Feb 2009, 185)
#20 Re: Conficker C

Yeah, I think the scs.py reference in your first link is on the second link I posted. I downloaded and ran it; it didn't seem to report any vulnerable machines on the network here, but I'm getting some conflicting results from other scanning methods. (GFI LanGuard for some ungodly reason is installed here... not sure which one is reporting the correct information just yet, but I am inclined to trust Kaminsky over GFI for some reason...)

edit: also LOL at your sig
Last edited by bjaming; March 30, 2009, 13:29.
Network Jesus died for your SYN


g3k_ (General rogue, Jan 2009, 358)
#21 Re: Conficker C

Originally posted by bjaming
Yeah, I think the scs.py reference in your first link is on the second link I posted. I downloaded and ran it; it didn't seem to report any vulnerable machines on the network here, but I'm getting some conflicting results from other scanning methods. (GFI LanGuard for some ungodly reason is installed here... not sure which one is reporting the correct information just yet, but I am inclined to trust Kaminsky over GFI for some reason...)

I don't know... I did watch him pee himself at Hacker Jeopardy D:
"As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."


g3k_ (General rogue, Jan 2009, 358)
#22 Re: Conficker C

I'm a little late to the party with this, but here is something I put together when I cleaned Conficker from my network. It's basically an autorun batch that eliminates Scheduled Tasks (that the worm makes), deletes prefetch files (that the worm makes, that are pointed to by the Scheduled Tasks), it then displays the Windows version to show you which SP you are on (it had better be SP3, but I know in enterprise stuff slips through the cracks sometimes (unless you push this stuff through policy like a good network admin should, which is not what my network admin does D:)), it will run the MSRT for March to remove it and whatever (includes .C, it also removes the autorun infection), then it will run the patch to patch the hole in SVCHOST that allows this in the first place, all narrated by something I thought was funny at the time (my boss sure did). Also included on the ISO is SP3 and a handy scanner from Symantec that you should use if you think the computer is infected with something including Conficker, which was the case in our network D: All included with a run-on sentence.

I know it's nothing special and it's a little late in the game to be putting this out there. Feedback, comments, flames welcome.

http://www.disillusion.us/?page_id=110
"As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."
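A read-only counterpart to the batch g3k_ describes, added here as an example and not taken from his ISO or the disillusion.us page: it reports the Windows version and service pack, lists the scheduled tasks and flags the ones whose command references the Prefetch folder (the relationship his script relies on when it deletes the files the tasks point at), and lists recently written prefetch files, without deleting anything. It assumes a Windows host with PowerShell and schtasks.exe; the seven-day window and the prefetch-path match are choices made for this example, not values from the thread.

```powershell
# Added example, not g3k_'s batch: audit the items his script removes, before any cleanup.
# Assumes Windows with PowerShell and schtasks.exe. Nothing is deleted or modified.

$os = Get-WmiObject -Class Win32_OperatingSystem
Write-Output ("Windows: {0}, service pack {1}, build {2}" -f `
    $os.Caption, $os.ServicePackMajorVersion, $os.BuildNumber)

$prefetchDir = Join-Path $env:windir 'Prefetch'

# schtasks /v /fo CSV lists every task with a 'Task To Run' column. On Vista and later the
# header row is repeated once per task folder, so drop the repeats before parsing the CSV.
$raw    = schtasks /query /v /fo CSV
$header = $raw[0]
$rows   = $raw | Select-Object -Skip 1 | Where-Object { $_ -ne $header }
$tasks  = @((@($header) + $rows) | ConvertFrom-Csv)

# Flag tasks whose command references the prefetch folder (what the post describes: the
# worm's scheduled tasks point at files it dropped there). Review these before acting.
$suspect = @($tasks | Where-Object { $_.'Task To Run' -like "*$prefetchDir*" })

Write-Output ("Scheduled tasks: {0} total, {1} referencing {2}" -f `
    $tasks.Count, $suspect.Count, $prefetchDir)
$suspect | Select-Object TaskName, 'Task To Run', 'Next Run Time' | Format-Table -AutoSize

# Prefetch files written in the last 7 days (window chosen for this example), newest first,
# so they can be compared against the task commands listed above.
Get-ChildItem -Path $prefetchDir -Filter '*.pf' -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-7) } |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, LastWriteTime, Length |
    Format-Table -AutoSize
```

Run it from an elevated prompt so schtasks can see every task; a task whose command points into Prefetch is unusual enough on its own to deserve a look, since legitimate software does not schedule files from that folder, and the listing gives you the task name and file to hand to whatever removal tool you then choose.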


g3k_ (General rogue, Jan 2009, 358)
#23 Re: Conficker C

You guys ready? 2 more hours to go.
"As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."


theprez98 (SpoonfeederExtraordinaire, Jan 2005, 1507)
#24 Re: Conficker C

I doubt anything big happens at this juncture. Maybe a few sites get DOS'd because of the increased lookups.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";


xor (not, Aug 2007, 1347)
#25 Re: Conficker C

I heard on the local news that China, being that it is already 4/1 there, has reported few problems.

I guess the survivalists of the world will have to wait some more; maybe next year.

xor

Ps. I got a chuckle when the newscaster told people that turning off your computer for the entire day on 4/1 wouldn't fix the problem.
Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.


bjaming (Registered Luser, Feb 2009, 185)
#26 Re: Conficker C

Originally posted by g3k_
posting guy posts stuff

there are typos in your typos. "separate" not "seperate"

teehee

:-)

edit: also, I've put the fear of God in the windows admins at my work, but get this (the best part): the director (or as I call him 'dumbass') literally told one of the windows admins "would you bet your job on patching and rebooting these servers" since they are production.

I replied to 'dumbass' and asked him if he would bet his job on none of these systems failing due to his lack of maintenance.

sometimes I really really hate my job
Network Jesus died for your SYN


xor (not, Aug 2007, 1347)
#27 Re: Conficker C

Yawn !!!

Current Internet Threat Level

The threat level has been lowered to AlertCon 1.

http://www.symantec.com/business/security_response/

xor
Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.


streaker69 (Mar 2008, 1141)
#28 Re: Conficker C

Originally posted by xor
Yawn !!!

Current Internet Threat Level

The threat level has been lowered to AlertCon 1.

http://www.symantec.com/business/security_response/

xor

We have a Beige alert. If my wife calls, tell her I said 'hello'.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.


g3k_ (General rogue, Jan 2009, 358)
#29 Re: Conficker C

The scanner that they published works wonders. I caught some of the stragglers last night, but it looks like some new PCs got infected, which is strange for a few reasons.
"As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."


g3k_ (General rogue, Jan 2009, 358)
#30 Re: Conficker C

http://www.pcmag.com/article2/0,2817,2344198,00.asp
It's verrrrry verrrry quiet. It's huntin wabbits.
"As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."
