Today we released version 2 of our Simple Conficker Scanner (SCSv2). It contains a new scanning method which allows for detection of machines infected with the recent Conficker version (D or E, depending on the naming scheme - the tool calls it D). Although the patch to the vulnerable function NetpwPathCanonicalize() was updated in the new variant, the RPC response codes for specially crafted requests are still different for infected machines.
The Honeynet Project is very excited to be a member of the Google Summer of Code. We are sponsoring at least eight GSoC projects and potentially more, depending on how many other ideas we received. Google has just closed the application period, and we are thrilled to see we received 55 applications. Our mentors will spend the next week reviewing and ranking each application. Then, on 15 April Google will select our top applicants. At this time we do not know how many applicants will be allowed in our program, but we are hoping it will be quite a few!
Joe Stewart from the Conficker Working Group has created an eye chart that allows for online identification of Conficker B and C infections. The idea of trying to load content from sites that are blocked by Conficker is really smart.
The Honeynet Project is excited to announce the release of Know Your Enemy: Containing Conficker. In this paper we present several potential methods to contain Conficker. The approaches presented take advantage of the way Conficker patches infected systems, which can be used to remotely detect a compromised system. Furthermore, we demonstrate various methods to detect and remove Conficker locally, and a potential vaccination tool is presented.
The Honeynet Project is very excited to announce a new scanning tool for detecting Conficker and an upcoming Know Your Enemy paper detailing how to contain Conficker. Both the paper and the tool have been developed by Honeynet Project members Tillmann Werner and Felix Leder. The tool was developed over the weekend, in co-ordination with Dan Kaminsky. It is now publicly available and is in the process of being integrated into most major vulnerability scanning tools, including Nmap.
As you know, bad things are going to happen on April 1st: people will be sending out emails to their friends, telling silly jokes and putting MTAs under a higher load. Besides that (but not quite that bad), Conficker will activate its domain name generation routine to contact command-and-control servers. We have been researching this piece of malware recently, with a focus on how to detect Conficker-infected machines. Felix and I had a discussion with Dan Kaminsky about the possibilities to actively detect Conficker and wrote a scanner for this task.
Folks, just a friendly reminder that the Honeynet Project is actively seeking and taking students for the annual Google Summer of Code. If you are interested in information security, open source and learning from some extremely talented developers in this area, then this is the place for you. We currently have eight project ideas, but we are open to any suggestions or ideas you may have. Learn more at our Honeynet Project GSoC Ideas Page. Applications close on Friday, 03 April so you only have one week left.
We are excited to announce that the Honeynet Project has been selected by Google to be a mentoring organization for their annual Google Summer of Code project. Our team of volunteers is very excited about this and looks forward to working with and helping mentor students around the world about honeypot technologies. To learn more about the different projects you can work with us on, please take a moment to review our IDEAS PAGE. If you will be submitting an application, your best chance to be selected is to take your tim
Buffer overflow, cross-site scripting and SQL injection have had their share of the spotlight,
I have recently decided to give more attention to layer two issues and share my findings.
Some of the reasons that attracted me to layer two security is that there is a high percentage of
We are very excited to announce the Honeynet Project has applied for the Google Summer of Code for 2009.