Tuesday, February 17, 2009 10:59 AM cmosby

Third party information on conficker – SANS Internet Storm Center

Published: 2009-02-13,
Last Updated: 2009-02-13 14:30:23 UTC
by Andre L. (Version: 2)
3 comment(s)

(This will be updated as more information becomes public)

In an effort to provide YOU, the end user, the ability to educate yourself on this threat, I will be posting as much information as possible, from as many sources as possible. This may lead to redundancies in the data that is available, but I am hoping that this will allow you to pick and choose the information, the removal tool, and more importantly your own path when mitigating Conficker. Please note that neither ISC nor SANS is verifying the validity of any of the information or tools presented here (you can check our own posts on this topic, or compare against multiple sources). ALWAYS TEST IN A DEV OR TEST ENVIRONMENT BEFORE ROLLING OUT TO PRODUCTION!

Removal Instructions

Microsoft

http://support.microsoft.com/kb/962007

Kaspersky

support.kaspersky.com/faq/ 

BitDefender

www.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html

TrendMicro

www.trendmicro.com/vinfo/virusencyclo/default5.asp

Sophos

http://www.sophos.com/support/knowledgebase/article/51416.html

Removal Tools

Microsoft MSRT

http://www.microsoft.com/security/malwareremove/default.mspx

F-Secure

ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

AhnLab

global.ahnlab.com/global/file_removeal_down.jsp

McAfee

vil.nai.com/vil/stinger/

ESET

download.eset.com/special/EConfickerRemover.exe

BitDefender

www.bitdefender.com/site/Downloads/downloadFile/1584/FreeRemovalTool

Kaspersky

data2.kaspersky-labs.com:8080/special/KidoKiller_v3.1.zip

TrendMicro

www.trendmicro.com/ftp/products/pattern/spyware/fixtool/SysClean-WORM_DOWNAD.zip

Sophos

secure.sophos.com/support/updates/dp/full/scct_10_sfx.exe

Conficker Cabal Information

ShadowServer

www.shadowserver.org/wiki/pmwiki.php

(very good explanation of the importance of this group)

Arbor networks

asert.arbornetworks.com/2009/02/the-conficker-cabal-announced/

ICANN

www.icann.org/en/announcements/announcement-2-12feb09-en.htm

Symantec

forums.symantec.com/t5/Malicious-Code/Coalition-Formed-in-Response-to-W32-Downadup/ba-p/388129

General Information

Microsoft

End user/Consumer page
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

IT Security/Professional Page
http://technet.microsoft.com/en-us/security/dd452420.aspx

Centralized information about Conficker
http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx

SecureWorks

www.secureworks.com/research/threats/downadup-removal/

Research (technical)

SRI

mtc.sri.com/Conficker

MNIN Security Blog

mnin.blogspot.com/2009/01/downatool-for-downadupbconflickerb.html

(This is an awesome tool that generates the domains and IPs to scan for, using the reverse-engineered domain-generation algorithms from Conficker)

ThreatExpert Blog

blog.threatexpert.com/2009/01/confickerdownadup-memory-injection.html

CERT.at

www.cert.at/static/conficker/TR_Conficker_Detection.pdf

(great paper that covers setting up your local DNS server to mitigate infections and alert on them)

Sample zonefiles can be downloaded here

www.cert.at/english/downloads/downloads.html

And last but not least, the previous ISC articles on Conficker!


Internet Storm Center (SANS)
http://isc.sans.org/diary.html?storyid=5695
http://isc.sans.org/diary.html?storyid=5671
http://isc.sans.org/diary.html?storyid=5830
http://isc.sans.org/diary.html?storyid=5842