Diagnose Conficker With Web-Based Eye Chart

thomsomc writes "Joe Stewart from the Conficker Working Group has created an eye chart that allows for online identification of Conficker B and C infections. Using basic knowledge of the blacklisting that Conficker employs to avoid attempting to infect IPs that belong to popular Anti-Virus and security firms (including Microsoft), the group whipped up this very simple test to see if you can load content from the various pages. If you can see all of the images, you're more than likely Conficker-free. According to Honeynet, 'This detection method should be more reliable than network scanning based tests. Happy scanning!'" Related: Tech Fragments notes in passing that nothing much seems to have come of Conficker's dreaded April 1 deadline.
This discussion has been archived. No new comments can be posted.

  • Re:Jon Stewart? (Score:4, Informative)

    by piojo ( 995934 ) on Thursday April 02, 2009 @01:47PM (#27433525)

    How can the first post be modded Redundant when he says something that is not a meme or a common sentiment?

  • Re:Jon Stewart? (Score:4, Informative)

    by Spazztastic ( 814296 ) <spazztastic&gmail,com> on Thursday April 02, 2009 @01:51PM (#27433599)

    How can the first post be modded Redundant when he says something that is not a meme or a common sentiment?

    Because someone with mod points is either trolling or doesn't understand the meaning of the word. Just another flaw in the system.

  • Slashdotted scare (Score:5, Informative)

    by interkin3tic ( 1469267 ) on Thursday April 02, 2009 @01:58PM (#27433737)

    Clicked on the link, page unavailable. A reload did work.

    Should be in the summary: If the page doesn't load at all, that doesn't mean you're infected, that means "Poor Internet connection?" If the page loads but some of the images don't, THAT is a positive.

  • Re:Slashdotted scare (Score:3, Informative)

    by nwf ( 25607 ) on Thursday April 02, 2009 @02:00PM (#27433773)

    Same here. Reloading did work. Thankfully, I'm clean!

  • Re:Jon Stewart (Score:4, Informative)

    by thedonger ( 1317951 ) on Thursday April 02, 2009 @02:10PM (#27433931)

    And I sure am glad Taco et al chose to disable the italics tag

    Try the em tag.

  • by Anonymous Coward on Thursday April 02, 2009 @02:24PM (#27434135)

    No, they didn't plan on misleading the public about April 1st. Even the real (not PR-driven) security researchers didn't think anything bad would happen. The public and news sites were just using it as an excuse to make a fuss again.

    Conficker has already had a few of these dates, April 1st is just the date it starts actively looking for any future updates to the worm. As long as everything is going well so far, they won't update it.

  • Re:sweet (Score:2, Informative)

    by Jamie's Nightmare ( 1410247 ) on Thursday April 02, 2009 @02:34PM (#27434311)

    The site is slow, but I found a copy here. [joestewart.org]

    I'm going to make my own page based on this idea because there was no reason to put the stupid Linux and BSD logos on the page. That's just being a douche bag.

  • Re:sweet (Score:5, Informative)

    by imemyself ( 757318 ) on Thursday April 02, 2009 @02:36PM (#27434345)

    Assuming you don't use a transparent proxy, then you would still get false negatives. The "eye chart" test won't work with proxies, not because of caching, but because with a non-transparent proxy Conficker wouldn't see that your computers are actually communicating with the security people's IP ranges.

  • Re:sweet (Score:5, Informative)

    by moose_hp ( 179683 ) on Thursday April 02, 2009 @03:22PM (#27435119) Homepage

    The reason there are logos there is to test that your browser can actually display images before you start panicking that you don't see the logos from the anti-virus. They are also good to compare download times in case that your Internet connection is just slow at that time.

    I copied the source code into an Apache server here, changed the logos on the lower row to point to images on the respective sites (instead of local images) and downloaded the "description" images. Works like a charm, we already found an infected laptop.
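
The reading rules from the summary and the comments above (control images must load, a missing security-vendor image is the positive, a non-transparent proxy hides the result), as an added example that is not part of the original thread or of the Conficker Working Group's page. The hostnames are constructed placeholders, and `probeImage` and `interpretEyeChart` are hypothetical names.

```javascript
// Added example. Hostnames are constructed placeholders, not the chart's real image sources.
// kind 'control'  = a site the worm is not expected to block (the Linux/BSD logos' role)
// kind 'security' = a security-vendor site on the worm's blocklist
const SAMPLE_RUN = [
  { url: 'https://control-a.example/logo.png', kind: 'control', loaded: true },
  { url: 'https://control-b.example/logo.png', kind: 'control', loaded: true },
  { url: 'https://av-vendor-a.example/logo.png', kind: 'security', loaded: false },
  { url: 'https://av-vendor-b.example/logo.png', kind: 'security', loaded: true },
];

// Browser-only helper: resolves true if the image loads before the timeout.
function probeImage(url, timeoutMs = 10000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    const u = new URL(url);
    u.searchParams.set('t', String(Date.now())); // bypass the browser cache
    img.src = u.href;
  });
}

// Turn one run of probes into a verdict plus the list of blocked security URLs.
function interpretEyeChart(probes, { viaProxy = false } = {}) {
  const controls = probes.filter((p) => p.kind === 'control');
  const security = probes.filter((p) => p.kind === 'security');
  const blocked = security.filter((p) => !p.loaded).map((p) => p.url);
  if (controls.length === 0 || security.length === 0) {
    return { verdict: 'invalid', blocked, reason: 'need control and security probes' };
  }
  // A failed control means the browser or the connection is the problem,
  // so missing security images prove nothing yet.
  if (controls.some((p) => !p.loaded)) {
    return { verdict: 'inconclusive', blocked, reason: 'control image failed; retest' };
  }
  if (blocked.length > 0) {
    return { verdict: 'possible-infection', blocked, reason: 'only security sites failed' };
  }
  // Through a non-transparent proxy the host never contacts the vendor sites
  // itself, so a full chart cannot be read as clean.
  if (viaProxy) {
    return { verdict: 'inconclusive', blocked, reason: 'proxy hides blocking' };
  }
  return { verdict: 'likely-clean', blocked, reason: 'all images loaded' };
}
```

In a browser, fill each entry's `loaded` field from `await probeImage(entry.url)` before calling `interpretEyeChart`.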
