
SANS ISC: Third party information on conficker - Internet Security | DShield SANS ISC InfoSec Forums


Third party information on conficker

(This will be updated as more information becomes public)

Removal Instructions

Microsoft

http://support.microsoft.com/kb/962007

Kaspersky

support.kaspersky.com/faq/ 

BitDefender

www.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html

 

Removal Tools

Microsoft MSRT

http://www.microsoft.com/security/malwareremove/default.mspx

F-Secure

ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

AhnLab

global.ahnlab.com/global/file_removeal_down.jsp

McAfee

vil.nai.com/vil/stinger/

ESET

download.eset.com/special/EConfickerRemover.exe

BitDefender

www.bitdefender.com/site/Downloads/downloadFile/1584/FreeRemovalTool

Kaspersky

data2.kaspersky-labs.com:8080/special/KidoKiller_v3.1.zip

TrendMicro

www.trendmicro.com/ftp/products/pattern/spyware/fixtool/SysClean-WORM_DOWNAD.zip

 

 

Conficker Cabal Information

ShadowServer

www.shadowserver.org/wiki/pmwiki.php

(very good explanation of the importance of this group)

Arbor Networks

asert.arbornetworks.com/2009/02/the-conficker-cabal-announced/

ICANN

www.icann.org/en/announcements/announcement-2-12feb09-en.htm

Symantec

forums.symantec.com/t5/Malicious-Code/Coalition-Formed-in-Response-to-W32-Downadup/ba-p/388129

 

General Information

Microsoft

End user/Consumer page
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

IT Security/Professional Page
http://technet.microsoft.com/en-us/security/dd452420.aspx

Centralized information about Conficker
http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx
 

SecureWorks

www.secureworks.com/research/threats/downadup-removal/

 

Research (technical)

SRI

mtc.sri.com/Conficker

MNIN Security Blog

mnin.blogspot.com/2009/01/downatool-for-downadupbconflickerb.html

(This is an awesome tool that generates domains and IPs to scan, using the algorithms reversed from Conficker)

ThreatExpert Blog

blog.threatexpert.com/2009/01/confickerdownadup-memory-injection.html

 

And last but not least, the previous ISC articles on Conficker!


Internet Storm Center (SANS)
http://isc.sans.org/diary.html?storyid=5695
http://isc.sans.org/diary.html?storyid=5671
http://isc.sans.org/diary.html?storyid=5830
http://isc.sans.org/diary.html?storyid=5842
 

 

AndreL

56 Posts
Love the listing of removal tools, can this be added to the SANS "Links" page for common removal tools? And in general, restructure and update the links page with newer and useful tools?

I know asking a lot...
Thanks,
Brian
Brian

3 Posts
I plan on posting more info as I come across it, I also am looking at formatting it a bit differently. I am not much of a fan of the current formatting, but given the amount of time involved I wanted to get something out sooner rather than later.
AndreL

56 Posts
Step by Step In Dealing With and Removing Conficker.

http://blog.sekiur.com/2009/02/step-by-step-in-dealing-with-conficker/
AndreL
1 Posts
Additional technical information. It's possible to determine p2p UDP/TCP port pairs.
https://cert.lexsi.com/weblog/index.php/2009/03/31/294-confickerc-de-peer-en-peer
Anonymous
