Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Conficker B++ Activated on Nov 15 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Conficker B++ Activated on Nov 15

We have received reports indicating that Conficker B++ (also known as Downup, Downadup and Kido) activated on the 15 Nov around 10 PM EST time. If you have samples or packets to share, please submit them via our contact page.
 

[1] http://en.wikipedia.org/wiki/Conficker

 

*** Update 2

We have determined the reports we have received appear to be isolated and unrelated incidents.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

 

***UPDATE

We are still looking into the reported events. On the surface it would appear that the reported events are "standard" Conficker infections and behavior. At this time we do not have any binary samples, and are working from third party reports.  From what little is known, this does not appear to be a new version of Conficker, or any new behavior patterns that havent' been discussed publicly. ( http://mtc.sri.com/Conficker/ for more details)   If any of that changes we will update this diary entry with those results.  - Andre Ludwig - Shadowserver

Guy

418 Posts
ISC Handler
I am suddenly getting lots of Conficker samples on my honeypots, seems to be all old Conficker B. (15th-18th November)
Anonymous
Posts

Sign Up for Free or Log In to start participating in the conversation!