[nsp-sec] Fwd: Conficker Remediation Effort (try this again)
SURFcert - Peter
p.g.m.peters at utwente.nl
Mon Mar 30 08:47:36 EDT 2009
Russell Fulton wrote on 29-3-2009 18:58:
> One thought I had is that the 4/1 change should make it easier to spot
> Conficker infections based on DNS traffic. Presumably they will need to
> do a lot of lookups that fail. Has anyone looked at this? We have a
> CS MSc student looking at DNS responses so I thought I might throw this
> one his way.
We are working very closely together with the company Quarantainenet BV
who has access to our queries and is part of Microsoft's MAPP. Through
that route they have access to the list of domains and can find infected
systems in our network rather fast. And that system will be put in
quarantine within 15 minutes after detection. Until today only two such
systems have been found.
--
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl http://cert.surfnet.nl/
office-hours: +31 302 305 305 emergency (24/7): +31 622 923 564
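The two detection ideas raised in this thread (bursts of failed lookups per client, and matching queries against a supplied domain list), as an added example that is not part of the original message or of any product named in it. The log format, addresses, domain names, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed resolver log: "<epoch> <client> <qname> <rcode>" (format is an assumption).
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.org NOERROR
1002 10.0.0.7 wpad.example NXDOMAIN
1003 10.0.0.9 aqkzv.example NXDOMAIN
1005 10.0.0.7 wpad.example NXDOMAIN
1008 10.0.0.9 bhtrw.example NXDOMAIN
1010 10.0.0.7 wpad.example NXDOMAIN
1012 10.0.0.9 cmxpl.example NXDOMAIN
1015 10.0.0.7 wpad.example NXDOMAIN
1019 10.0.0.9 dzqua.example NXDOMAIN
1020 10.0.0.7 wpad.example NXDOMAIN
1024 10.0.0.9 eovfn.example NXDOMAIN
1030 10.0.0.5 listed-domain.example NOERROR
1200 10.0.0.8 typo1.example NXDOMAIN
1400 10.0.0.8 typo2.example NXDOMAIN
"""
WATCHLIST = frozenset({"listed-domain.example"})  # placeholder for a supplied domain list

def flag_clients(lines, watchlist=frozenset(), window=60, threshold=5):
    """Map client -> reasons: a watchlist hit, or >= threshold distinct
    NXDOMAIN names inside `window` seconds (both values are assumptions)."""
    recent = defaultdict(deque)   # client -> (ts, qname) of recent NXDOMAIN answers
    flagged = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        ts, qname = int(ts), qname.lower().rstrip(".")
        if qname in watchlist:
            flagged[client].add("watchlist")
        if rcode != "NXDOMAIN":
            continue
        q = recent[client]
        q.append((ts, qname))
        while q and q[0][0] <= ts - window:   # expire answers older than the window
            q.popleft()
        # Count distinct names so one repeatedly failing name (a stale setting
        # retried by a healthy host) does not look like a burst.
        if len({name for _, name in q}) >= threshold:
            flagged[client].add("nxdomain-burst")
    return {c: sorted(r) for c, r in flagged.items()}

if __name__ == "__main__":
    for client, reasons in flag_clients(SAMPLE_LOG.splitlines(), WATCHLIST).items():
        print(client, ",".join(reasons))
```
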