03-25-2009 02:14 PM - edited 03-04-2019 04:05 AM
I just wondered what everyone else was doing to deal with the Conficker bot that's supposed to activate on 4/1. Are you doing anything to mitigate it, or are you going to wait to see if your networks slow to a grinding halt?
I believe the ports that it runs over are random 1024-10000, but I'm not sure what the payload looks like, so I'm not sure if there's even an IPS signature created for them. (Probably is, but I don't have an IPS.)
Thanks,
John
03-25-2009 02:22 PM
Hello John,
Could you provide a link for this?
I did some searching and found that this Conficker = Downadup, the worm that made the massive attack at the beginning of the year, but I didn't know infected PCs were expected to behave as a botnet.
Thanks
Best Regards
Giuseppe
03-25-2009 02:26 PM
Giuseppe,
Here's one link:
http://www.usatoday.com/money/industries/technology/2009-03-24-conficker-computer-worm_N.htm
John
03-25-2009 03:10 PM
In my humble opinion, the network may not be involved with this. Updating your anti-virus definition files and running MS Update is what I'd be doing.
After reading the article, I added the following to my list:
1. Disable P2P (if not already); and
2. Call in sick.
:)
03-25-2009 05:29 PM
The Downadup Codex by Symantec