Analyst Journal @ 01 Apr 2009 04:37 pm by ayoi

Again.. Sorry for the long hiatus.. Anyway, I did receive an email from one of my friends at CyberSecurity Malaysia..
“maybe u can post something useful & reminder in your blog & security.org.my to remind your blog visitors bout this malware.
thanks bro..”
Ahhh the link.. http://www.mycert.org.my/en/services/advisories/mycert/2009/main/detail/647/index.html
Yeah guys.. This ain’t no HOAX. In fact, there are a few entries in the SANS Handler’s Diary regarding the increase of DNS polling performed by the infamous Conficker or Downadup (from 250 different domain names per day to 500).
Read it here: April 1st – What Will Really Happen?
Btw, Felix Leder and Tillmann Werner of The Honeynet Project produced one good writeup, “Containing Conficker”. I recommend you guys download that paper and read it. Also read another good writeup of Conficker variants by SRI here.
Also, you can now identify possibly Conficker-infected machines by performing network scanning via Nmap or Nessus.
For Nessus, the related plugin description: PluginID 36036
How to scan using Nmap can be read from this site: www.skullsecurity.org
For removal instructions and tools, just follow the links provided on the special Conficker page at the DShield site.
There you go folks. Sorry it’s lil bit late and yeah I’m lil bit tight right now..
p/s: Btw, my friend mel already posted an entry regarding the Conficker worm at security.org.my