Diagnose Conficker With Web-Based Eye Chart 180
thomsomc writes "Joe Stewart from the Conficker Working Group has created an eye chart that allows for online identification of Conficker B and C infections. Using basic knowledge of the blacklisting that Conficker employs to avoid attempting to infect IPs that belong to popular Anti-Virus and security firms (including Microsoft), the group whipped up this very simple test to see if you can load content from the various pages. If you can see all of the images, you're more than likely Conficker-free. According to Honeynet, 'This detection method should be more reliable than network scanning based tests. Happy scanning!'" Related: Tech Fragments notes in passing that nothing much seems to have come of conficker's dreaded April 1 deadline.
sweet (Score:5, Insightful)
a nice, easy, reliable way to detect a conficker infection.
great!
This is gonna cause mass hysteria.. (Score:2, Insightful)
Re:Jon Stewart? (Score:3, Insightful)
the question is: how many other topics can we find that are !jonstewart?
answer: 99% of them wooooooooooooo
Re:Mirror (Score:5, Insightful)
Ha.
Anyway, the page is a clever idea.
Here's another interpretation to add to the list: Some of the sites that the page pulls images from are Slashdotted.
Re:This is gonna cause mass hysteria.. (Score:2, Insightful)
I think it's already there... I got it to actually load 1 out of 6 trys
Well that's why it's slashdotted... people are loading it six times!
Re:Jon Stewart (Score:3, Insightful)
Re:Jon Stewart? (Score:1, Insightful)
Re:How long before they ruin this test (Score:4, Insightful)
Not if they're blacklisting. Only if they're redirecting. And if they were redirecting they'd presumably already have fake site mirrors set up, including these images, so the test would have never worked.
Interesting idea, but ... (Score:1, Insightful)
What happens when those six sites see that they are getting leeched, and pull those images? Chaos ensues as man + dog believes themselves to be infected.
Re:How long before... (Score:5, Insightful)
Then we (it's open source after all!) modify the test to use iframes (ewwww... but useful in this situations) to actually load the full pages, once Conficker gets updated so it allows the pages, we move to actually downloading the patches with a message like "if the file doesn't download, you're probably infected", by the time Conficker gets good enought to actually allow the patches but modifing them on the fly so they are not useful (just random noise with the same size and filename), then we're screwed.
Maybe I shouldn't give them ideas. I bet the author of Confickr reads slashdot.