Frag Infinity Tournament, Inc. - FITES LAN Party - www.fites.net

LAN Party Forums => General Discussion => Started by: decepticon on March 30, 2009, 08:32:14 PM

Title: Conficker scanner!
Post by: decepticon on March 30, 2009, 08:32:14 PM

I am sure most if not all of you have heard of the Conficker virus that is supposed to unleash holy hell in the computing world on 4/1/2009.  It's the biggest internet/virus scare since Y2K.  Anywhoo, supposedly there is no way to scan for the virus....until now.

From the Hack-a-day article:
http://hackaday.com/2009/03/30/containing-conficker/ (http://hackaday.com/2009/03/30/containing-conficker/)

Quote

With all the noise about Conficker turning your computer into liquid hot magma on April 1st, there’s actually some positive news. Researchers from the HoneyNet Project have been following the worm since infections started in late 2008. They recently discovered an easy way to identify infected systems remotely.

There is a tool available that will scan a remote system via it's IP or a range of IP's and will report whether or not the system shows signs of an infection.  If you even remotely think you may have an infection, it's worth it to run this scan!

For the file and some basic instructions:
http://www.doxpara.com/?p=1291 (http://www.doxpara.com/?p=1291)

or for just the file:
http://www.doxpara.com/scs.zip (http://www.doxpara.com/scs.zip)

Title: Re: Conficker scanner!
Post by: Czar on March 30, 2009, 09:07:58 PM

Thanks for the link. I appear to be clean!

Title: Re: Conficker scanner!
Post by: h4gg4rd on March 30, 2009, 09:12:30 PM

hmmm interesting.

thank you for the heads up sir.

Title: Re: Conficker scanner!
Post by: sully! on March 30, 2009, 09:30:37 PM

Saw a similar thing on Slashdot earlier today...

http://it.slashdot.org/article.pl?sid=09/03/30/090224&from=rss (http://it.slashdot.org/article.pl?sid=09/03/30/090224&from=rss)

Wednesday has the potential to be a very bad day in the IT world, but we've been pretty thorough in our preparedness of our IT systems in preparation of ConFudgeer. I just hope our engineering department has been too.

Title: Re: Conficker scanner!
Post by: {ShadowWX} on March 31, 2009, 06:34:37 AM

now my question is will my norton be able to find and eliminate this thing if I have it?

Title: Re: Conficker scanner!
Post by: decepticon on March 31, 2009, 07:18:31 AM

Quote from: ShadowWX on March 31, 2009, 06:34:37 AM

now my question is will my norton be able to find and eliminate this thing if I have it?

Not sure.  As of now, I heard that the av companies have no way to scan for the virus until maybe after it get's "activated" on 4/1. 

Title: Re: Conficker scanner!
Post by: decepticon on March 31, 2009, 07:52:06 AM

Oh, if anyone is interested: here is a whitepaper on the deconstruction and detection of Conficker.

http://www.honeynet.org/files/KYE-Conficker.pdf (http://www.honeynet.org/files/KYE-Conficker.pdf)

Title: Re: Conficker scanner!
Post by: h4gg4rd on March 31, 2009, 10:24:21 AM

I am clean! Also I am wondering if NOD32 can detect and eliminate it as well.. It should though NOD32 is leet.

Title: Re: Conficker scanner!
Post by: decepticon on March 31, 2009, 01:09:40 PM

Quote from: h4gg4rd on March 31, 2009, 10:24:21 AM

I am clean! Also I am wondering if NOD32 can detect and eliminate it as well.. It should though NOD32 is leet.

You'll have to check NOD32's website to see if they have a definition update that can check for this.

Title: Re: Conficker scanner!
Post by: The Shoctor on March 31, 2009, 03:06:52 PM

Go get the easy tool.

http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml (http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml)

Title: Re: Conficker scanner!
Post by: h4gg4rd on March 31, 2009, 11:33:47 PM

Half hour into April 1st...

all quiet on the eastern front. =]]

Title: Re: Conficker scanner!
Post by: {ShadowWX} on April 01, 2009, 06:50:09 AM

through the tool you posted shado I appear to be clean.