Fighting Back!
Yesterday, The Honeynet Project released a brand new Know-Your-Enemy (KYE) paper titled Containing Conficker. Previous papers about the Conficker variants (like SRI’s analysis) have focused on explaining the inner workings of the malware. The KYE paper, on the other hand, proposes new ideas on how to identify, mitigate and remove Conficker from compromised hosts.
The paper contains a wealth of excellent information and actionable intelligence for both security analysts and network/system engineers trying to defend against the vexing issue that is Conficker. Together with the paper, a series of open source tools has also been released:
- Domain Name Generation Tool – Downatool2
- Memory Disinfectant – conficker_mem_killer.exe
- File and Registry Detector – regnfile.exe
- Conficker Remote Scanner – scs.exe
- Nonficker Vaccination Tool – nonficker.zip
The collection page includes the source code for all these tools and also Nebula-generated Snort signatures for Conficker.
Here is the link to the paper again, in case you missed it: PDF.

April 1st, 2009 at 01:10
[...] Fighting Back from the Norwegian Honeynet Project. There are open source tools such as: Domain Name Generation Tool, Memory Disinfectant, File and Registry Detector, Conficker Remote Scanner, Nonficker Vaccination Tool [...]