Conficker Scanner Soon
We may not know what the Conficker authors have in store for us on April 1st, but I doubt many network administrators want to find out. Maybe they don’t have to: I’ve been working with the Honeynet Project’s Tillmann Werner and Felix Leder, who have been digging into Conficker’s profile on the network. What we’ve found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it’s infected with Conficker, and it will tell you.
We’ve dealt with a minor Conficker outbreak that was no fun. I don’t expect much, if anything, to happen on the first. But just to be safe, when this tool becomes available it will be a handy thing to have. You’re all patched up, right?