Confickr coming-What are you doing?

John Blakley · ‎03-25-2009

I just wondered what everyone else was doing to deal with the Confickr bot that's supposed to activate on 4/1. Are you doing anything to mitigate it, or are you going to wait to see if your networks slow to a grinding halt?

I believe the ports that it runs over are random 1024-10000, but I'm not sure what the payload looks like, so I'm not sure if there's even an IPS signature created for them. (Probably is, but I don't have an IPS.)

Thanks,

John

HTH, John *** Please rate all useful posts ***

Giuseppe Larosa · ‎03-25-2009

Hello John,

may you provide a link for this ?

I made some search and I've found that this Confickr= Downadup the worm that made the massive attack at the beginning of the year, but I didn't know infected pcs are expected to behave as a bootnet

Thanks

Best Regards

Giuseppe

John Blakley · ‎03-25-2009

Giuseppe,

Here's one link:

http://www.usatoday.com/money/industries/technology/2009-03-24-conficker-computer-worm_N.htm

John

HTH, John *** Please rate all useful posts ***

Leo Laohoo · ‎03-25-2009

In my humble opinion, network may not be involved with this. Update your anti-virus definition files and run MS Update is what I'd be doing.

After reading the article, I added the following to my list:

1. Disable P2P (if not already); and

2. Call in sick.

:)

Leo Laohoo · ‎03-25-2009

The Downadup Codex by Symantec

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_downadup_codex_ed1.pdf