Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Third party information on conficker

SANS Site Network

Current Site

Internet Storm Center

Other SANS Sites Help

Graduate Degree Programs

Security Training

Security Certification

Security Awareness Training

Penetration Testing

Industrial Control Systems

Cyber Defense Foundations

DFIR

Software Security

Government OnSite Training

SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Log In or Sign Up for Free!

Third party information on conficker
(This will be updated as more information becomes public) Removal Instructions Microsoft http://support.microsoft.com/kb/962007 Kaspersky support.kaspersky.com/faq/ BitDefender www.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html Removal Tools Microsoft MSRT http://www.microsoft.com/security/malwareremove/default.mspx F-Secure ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip AhnLab global.ahnlab.com/global/file_removeal_down.jsp McAfee vil.nai.com/vil/stinger/ ESET download.eset.com/special/EConfickerRemover.exe BitDefender www.bitdefender.com/site/Downloads/downloadFile/1584/FreeRemovalTool Kaspersky data2.kaspersky-labs.com:8080/special/KidoKiller_v3.1.zip TrendMicro www.trendmicro.com/ftp/products/pattern/spyware/fixtool/SysClean-WORM_DOWNAD.zip Conficker Cabal Information ShadowServer www.shadowserver.org/wiki/pmwiki.php (very good explanation of the importance of this group) Arbor networks asert.arbornetworks.com/2009/02/the-conficker-cabal-announced/ ICANN www.icann.org/en/announcements/announcement-2-12feb09-en.htm Symantec forums.symantec.com/t5/Malicious-Code/Coalition-Formed-in-Response-to-W32-Downadup/ba-p/388129 General Information Microsoft End user/Consumer page http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx IT Security/Professional Page http://technet.microsoft.com/en-us/security/dd452420.aspx Centralized information about Conficker http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx SecureWorks www.secureworks.com/research/threats/downadup-removal/ Research (technical) SRI mtc.sri.com/Conficker MNIN Security Blog mnin.blogspot.com/2009/01/downatool-for-downadupbconflickerb.html (This is an awesome tool that generates domains, and ips to scan using the reversed algorithms from conficker) ThreatExpert Blog blog.threatexpert.com/2009/01/confickerdownadup-memory-injection.html And last but not least, the previous ISC articles on Conficker! Internet Storm Center (SANS) http://isc.sans.org/diary.html?storyid=5695 http://isc.sans.org/diary.html?storyid=5671 http://isc.sans.org/diary.html?storyid=5830 http://isc.sans.org/diary.html?storyid=5842	AndreL 56 Posts
Subscribe	Feb 13th 2009 1 decade ago
Love the listing of removal tools, can this be added to the SANS \"Links\" page for common removal tools? And in general, restructure and update the links page with newer and useful tools? I know asking a lot... Thanks, Brian	Brian 3 Posts
Quote	Feb 13th 2009 1 decade ago
I plan on posting more info as I come across it, I also am looking at formatting it a bit differently. I am not much of a fan of the current formatting, but given the amount of time involved I wanted to get something out sooner rather then later.	AndreL 56 Posts
Quote	Feb 13th 2009 1 decade ago
Step by Step In Dealing With and Removing Conficker. http://blog.sekiur.com/2009/02/step-by-step-in-dealing-with-conficker/	AndreL 1 Posts
Quote	Feb 14th 2009 1 decade ago
Additional technical information. It's possible to determine p2p UDP/TCP port pairs. https://cert.lexsi.com/weblog/index.php/2009/03/31/294-confickerc-de-peer-en-peer	Anonymous
Quote	Apr 4th 2009 1 decade ago

Sign Up for Free or Log In to start participating in the conversation!