Re: The Confiker Virus.

[Steven Fischer <sfischer1967 () gmail com>]

Is anyone aware of any network-based signatures that could be used to
identify and tag IP traffic, for dropping at the ingress/egress points?

On Tue, Mar 31, 2009 at 9:41 AM, JoeSox <joesox () gmail com> wrote:

> I am uncertain also. I scan a subnet on my network with Axence
> NetTools looking for 445 port and I receive some hits. I perform a
> netstat -a some of those results but don't really see any 445
> activity.  The SCS script doesn't find anything either.  The PCs are
> patched and virusscan updated. One PC when I connected to it did not
> navigate to Windowsupdate website. I scheduled a Full McAfee scan as
> their documentation suggests
> (
> http://download.nai.com/products/mcafee-avert/documents/combating_w32_conficker_worm.pdf
> ),
> and sometime through the scan I was able to reach windowsupdate. I
> don't know if it was a coincidence or not that I was not able to reach
> the website.  I haven't looked into the registry and any other places
> for evidence of conficker. I will probably today but I am afraid it
> maybe a waste of time since they are already patched and updated.
> --
> Joe
>
>
>
> On Tue, Mar 31, 2009 at 5:48 AM, Eric Tykwinski <eric-list () truenet com>
> wrote:
>  > Joe,
> > Here's the link for the Python Crypto toolkit:
> > http://www.amk.ca/python/code/crypto.html
> >
> > I scanned our internal network and didn't find anything, so I can't
> really
> > vouch for it's reliablity though.


-- 
To him who is able to keep you from falling and to present you before his
glorious presence without fault and with great joy