Main Area and Open Discussion > Living Room

Conficker - The Facts

<< < (10/14) > >>

Ehtyar:
Why is it not foolproof? IMO that's a much easier way for users to detect to Conficker than attempting to download a tool from a site that Conficker blocks.

I nearly hit the roof at work this morning when we got an email from the higher-ups about Conficker, suggesting that if you believe you're infected you download a cleaning utility from Microsoft or Symantec, both of which are blocked by Conficker. Would common sense not tell you to have users check for infection by attemping to access, say, microsoft.com and then if they have issues, provide a URL that Conficker doesn't block from which to download your removal tool. What the hell is wrong with these people?

Ehtyar.

[edit]
Now that my ranting impulse has been satisfied, thanks for the link App :)
[/edit]

Stoic Joker:
Why is it not foolproof? IMO that's a much easier way for users to detect to Conficker than attempting to download a tool from a site that Conficker blocks.

I nearly hit the roof at work this morning when we got an email from the higher-ups about Conficker, suggesting that if you believe you're infected you download a cleaning utility from Microsoft or Symantec, both of which are blocked by Conficker. Would common sense not tell you to have users check for infection by attemping to access, say, microsoft.com and then if they have issues, provide a URL that Conficker doesn't block from which to download your removal tool. What the hell is wrong with these people?

Ehtyar.

-Ehtyar (April 02, 2009, 06:53 PM)
--- End quote ---
You think that's bad...? ...Symantec had a big banner on their main page yesterday morning that said "Not sure if you're infected with the April 1st bug? For more information click here".

What more information?!? ... (I'm guessing lame sales pitch/I never checked) ... How about just saying "If you can read this you are ok."? It would make more sense, now wouldn't it?

Ehtyar:
Yeah, so true. My boss was on McAfee for whatever reason yesterday, and they were doing exactly the same thing. It's always such a disappointment when companies take advantage of consumers' ignorance like that.

Ehtyar.

Ehtyar:
I found this just now and thought it might be useful. It is a scanner, written by Team White Hat (Dan Kaminsky's crew) in python that should detect Conficker-infected machines.

The scanner can be downloaded as an independent package that can be run without python:
http://iv.cs.uni-bonn.de/uploads/media/scs_exe.zip
Simply extract the package and run 'scs <start-ip> <end-ip>' to scan an entire IP range, or 'scs <ip-list-file>' to scan a text file containing a list of IPs to scan. You can also run 'scanner <ip>' to scan a single IP address.
If you're handy with python you can download the source script (it requires the Impacket lib):
http://iv.cs.uni-bonn.de/uploads/media/scs.zip
More info is available at:
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

Hope these help out in some way.

Ehtyar.

Shook:
I just can't help wondering if anything actually happened at the time/date where people were all "OH SNAP WE'RE GOING TO BE BLASTED BY CONFICKER"? I mean, in my everyday, i've literally seen nothing regarding this Conficker, and the Danish news are usually eager to pounce on any major (bad) news outside Denmark, especially one like this of such potential magnitude. (Say that 10 times fast >.>)
The most i've seen of it is sporadic threads on forums here and there, but nothing about if anything actually happened. People do say that bad things will happen, but so far, i've seen... Well, nothing. Personally, i'm starting to doubt the existence of this virus. Am i totally alone in this?

Navigation

[0] Message Index

[#] Next page

[*] Previous page