Open Source Conficker-C Scanner/Detector Released
SRI International's Malware Threat Center has released the code to their scanner/detector for Conficker's "C" version. The official locations are:
Conficker C P2P Detection Modules (SourceFire ported the SRI module to their SO rule interface):
Preprocessor: http://mtc.sri.com/Conficker/contrib/plugin.html
SO Version: http://www.snort.org/vrt/tools/conficker-so-rules.tar.gz
Conficker C Network Scanner:
Source Code: http://mtc.sri.com/Conficker/contrib/scanner.html
If any readers have used SRI's tools and want to comment about them, please use our contact form or login and use the comment feature below.
We want to again express our thanks to the team at SRI International for their ongoing analysis of the Conficker worm, as well as to all of the volunteers of the Conficker Working Group who continue to coordinate the mitigation of the worm's effects.
Marcus H. Sachs
Director, SANS Internet Storm Center
Comments