Wednesday, February 25, 2009

Conficker variant B - Still detected

As with all malware, variants eventually float to the surface of the threat landscape. Conficker is no different. The latest variant imaginatively named Conficker B, still uses the same propagation methods the original used. That is, it still attempts to exploit the vulnerability outlined in MS08-067.

Thanks to the way we write detection rules for Snort, the release on 2008-10-23 (provides detection for exploit attempts targeting MS08-067), contains rules that will continue to provide detection for the Conficker worm.

Ur welcom.

No comments:

Post a Comment