03-25-2009 02:14 PM - edited 03-04-2019 04:05 AM
I just wondered what everyone else was doing to deal with the Conficker bot that's supposed to activate on 4/1. Are you doing anything to mitigate it, or are you going to wait to see if your networks slow to a grinding halt?
I believe the ports that it runs over are random 1024-10000, but I'm not sure what the payload looks like, so I'm not sure if there's even an IPS signature created for them. (Probably is, but I don't have an IPS.)
Thanks,
John
03-25-2009 02:22 PM
Hello John,
Could you provide a link for this?
I did some searching and found that this Conficker = Downadup, the worm that made the massive attack at the beginning of the year, but I didn't know infected PCs are expected to behave as a botnet.
Thanks
Best Regards
Giuseppe
03-25-2009 02:26 PM
Giuseppe,
Here's one link:
http://www.usatoday.com/money/industries/technology/2009-03-24-conficker-computer-worm_N.htm
John
03-25-2009 03:10 PM
In my humble opinion, the network may not be involved with this. Updating your anti-virus definition files and running MS Update is what I'd be doing.
After reading the article, I added the following to my list:
1. Disable P2P (if not already); and
2. Call in sick.
:)
03-25-2009 05:29 PM
The Downadup Codex by Symantec