Last Updated: 2010-11-17 18:32:50 UTC
by Guy Bruneau (Version: 1)
We have received reports indicating that Conficker B++ (also known as Downup, Downadup and Kido) activated on the 15 Nov around 10 PM EST time. If you have samples or packets to share, please submit them via our contact page.
*** Update 2
We have determined the reports we have received appear to be isolated and unrelated incidents.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
We are still looking into the reported events. On the surface it would appear that the reported events are "standard" Conficker infections and behavior. At this time we do not have any binary samples, and are working from third party reports. From what little is known, this does not appear to be a new version of Conficker, or any new behavior patterns that havent' been discussed publicly. ( http://mtc.sri.com/Conficker/ for more details) If any of that changes we will update this diary entry with those results. - Andre Ludwig - Shadowserver