Tomorrow is phone home day for Conficker…
I went over today’s links from security people I follow on Twitter. Dan Kaminsky (of last year’s DNS fame) has one of the best interview articles I’ve seen on Conficker at a high level and the related new tools, but here are some additional docs:
http://isc.sans.org/conficker – SANS ISC entry listing third-party removal tools.
http://www.honeynet.org/papers/conficker/ – Know Your Enemy: Containing Conficker.
http://seclists.org/nmap-dev/2009/q1/0870.html – Nmap Scripting Engine script for detection.
http://securitylabs.websense.com/content/Alerts/3329.aspx – Some of the technical nitty-gritty, by Websense.
http://www.doxpara.com/?p=1294 – Packaged, updated, standalone scanner by Kaminsky (rebuild the py2exe, Tillmann and Felix’s scs code, now with Core’s impacket library safely embedded); as well as more links for Windows (Nmap) scanning.
http://blog.tenablesecurity.com/2009/03/detecting-conficker-with-nessus.html – Nessus plugin blog update.
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx – Microsoft’s “Protect yourself from the Conficker computer worm” entry.