Diagnose Conficker With Web-Based Eye Chart 180
thomsomc writes "Joe Stewart from the Conficker Working Group has created an eye chart that allows for online identification of Conficker B and C infections. Using basic knowledge of the blacklisting that Conficker employs to avoid attempting to infect IPs that belong to popular Anti-Virus and security firms (including Microsoft), the group whipped up this very simple test to see if you can load content from the various pages. If you can see all of the images, you're more than likely Conficker-free. According to Honeynet, 'This detection method should be more reliable than network scanning based tests. Happy scanning!'" Related: Tech Fragments notes in passing that nothing much seems to have come of conficker's dreaded April 1 deadline.
If Conficker was designed by a security guru... (Score:5, Interesting)
Because there is so much money to be made by botnets these days, it has moved from a "look what I can do" feat to a real business in its own right (legality aside). It is widely assumed that Conficker is among the first of a new breed of very carefully produced viruses and worms, written by professional developers who are paid quite well for their computer security and anti-anti-virus skills.
This class of developer knows exactly how the anti-virus companies work. It should have been expected by the Conficker designers that their virus would be examined in isolated networks. The designers would therefore be able to take advantage of that (it's easy enough to detect -- no word from the master servers, no ability to further infect, etc), and that's what we saw yesterday. Planned panic for no reason. At this point, most people think Conficker is either no serious threat, or an April Fools' Day prank. These people could be very wrong.
With the pressure off, infected machines are now able to go about their intended business, which could be sending spam, using distributed computing, farming user data, coordinated attacks of one type or another, or merely a conspiracy to protect computers from infections (a virally spreading anti-virus utility that you can't detect, stop, or remove? ingenious!).
The merits of a secret anti-virus product are more down-to-earth than you might think; most high-end zombie masters write their viruses so that they can't be detected by users and so that they are the sole "pwners" of the system -- competition is bad in this field. What you end up with is zombie masters who are suddenly interested in maintaining your computer for you - virus-free (save their virus), clean, efficient. If this zombie master is your federal government, merely reserving the right to use ("draft") your system as a "minute man" for emergencies where your computing power or attacking capabilities are needed, that might be a fair "tax."
Useful in China? (Score:2, Interesting)
Nothing? (Score:3, Interesting)
Someone set us up the spambot.
Spam was way down most of this year, until yesterday. Then it shot back up to where it was last year.
Clearly someone tagged 4/1 as the day to start the spambots back up. Whether this is directly related to the conficker thing I couldn't tell.
How long before... (Score:2, Interesting)
...Conficker is patched to allow access to these specific images from these domains?
How long before they ruin this test (Score:5, Interesting)
Re:Nothing? (Score:4, Interesting)
I can't take credit for saying this as I'm only parroting it from another source, Fark I believe, but someone said it was well-known in the security industry that April 1st is by far the most common date for new malware to go live, and is also a common date for existing malware to update.
Probably to maximize confusion.