Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Open Source Conficker-C Scanner/Detector Released

Published: 2009-04-05
Last Updated: 2009-04-05 16:33:51 UTC
by Marcus Sachs (Version: 1)
0 comment(s)

SRI International's Malware Threat Center has released the code to their scanner/detector for Conficker's "C" version.  The official locations are:

Conficker C P2P Detection Modules (SourceFire ported the SRI module to their SO rule interface):

     Preprocessor:  http://mtc.sri.com/Conficker/contrib/plugin.html
     SO Version:   http://www.snort.org/vrt/tools/conficker-so-rules.tar.gz

Conficker C Network Scanner:
     Source Code:  http://mtc.sri.com/Conficker/contrib/scanner.html

If any readers have used SRI's tools and want to comment about them, please use our contact form or login and use the comment feature below.

We want to again express our thanks to the team at SRI International for their ongoing analysis of the Conficker worm, as well as to all of the volunteers of the Conficker Working Group who continue to coordinate the mitigation of the worm's effects.

Marcus H. Sachs
Director, SANS Internet Storm Center

Keywords: conficker
0 comment(s)
Diary Archives