Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Open Source Conficker-C Scanner/Detector Released - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Open Source Conficker-C Scanner/Detector Released

SRI International's Malware Threat Center has released the code to their scanner/detector for Conficker's "C" version.  The official locations are:

Conficker C P2P Detection Modules (SourceFire ported the SRI module to their SO rule interface):

     SO Version:

Conficker C Network Scanner:
     Source Code:

If any readers have used SRI's tools and want to comment about them, please use our contact form or login and use the comment feature below.

We want to again express our thanks to the team at SRI International for their ongoing analysis of the Conficker worm, as well as to all of the volunteers of the Conficker Working Group who continue to coordinate the mitigation of the worm's effects.

Marcus H. Sachs
Director, SANS Internet Storm Center


301 Posts
ISC Handler
Apr 5th 2009

Sign Up for Free or Log In to start participating in the conversation!