Confickr coming-What are you doing?

Unanswered Question
Mar 25th, 2009

I just wondered what everyone else was doing to deal with the Confickr bot that's supposed to activate on 4/1. Are you doing anything to mitigate it, or are you going to wait to see if your networks slow to a grinding halt?

I believe the ports that it runs over are random 1024-10000, but I'm not sure what the payload looks like, so I'm not sure if there's even an IPS signature created for them. (Probably is, but I don't have an IPS.)



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Wed, 03/25/2009 - 14:22

Hello John,

may you provide a link for this ?

I made some search and I've found that this Confickr= Downadup the worm that made the massive attack at the beginning of the year, but I didn't know infected pcs are expected to behave as a bootnet


Best Regards


Leo Laohoo Wed, 03/25/2009 - 15:10

In my humble opinion, network may not be involved with this. Update your anti-virus definition files and run MS Update is what I'd be doing.

After reading the article, I added the following to my list:

1. Disable P2P (if not already); and

2. Call in sick.



This Discussion