Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k

Confickr coming-What are you doing?

I just wondered what everyone else was doing to deal with the Confickr bot that's supposed to activate on 4/1. Are you doing anything to mitigate it, or are you going to wait to see if your networks slow to a grinding halt?

I believe the ports that it runs over are random 1024-10000, but I'm not sure what the payload looks like, so I'm not sure if there's even an IPS signature created for them. (Probably is, but I don't have an IPS.)

Thanks,

John

HTH, John *** Please rate all useful posts ***
4 REPLIES
Hall of Fame Super Silver

Re: Confickr coming-What are you doing?

Hello John,

may you provide a link for this ?

I made some search and I've found that this Confickr= Downadup the worm that made the massive attack at the beginning of the year, but I didn't know infected pcs are expected to behave as a bootnet

Thanks

Best Regards

Giuseppe

Re: Confickr coming-What are you doing?

Giuseppe,

Here's one link:

http://www.usatoday.com/money/industries/technology/2009-03-24-conficker-computer-worm_N.htm

John

HTH, John *** Please rate all useful posts ***
Hall of Fame Super Gold

Re: Confickr coming-What are you doing?

In my humble opinion, network may not be involved with this. Update your anti-virus definition files and run MS Update is what I'd be doing.

After reading the article, I added the following to my list:

1. Disable P2P (if not already); and

2. Call in sick.

:)

Hall of Fame Super Gold

Re: Confickr coming-What are you doing?

121
Views
0
Helpful
4
Replies
CreatePlease to create content