Malware Patrol

Conficker

The Malware Patrol Team is aware and concerned about the Conficker threat. Therefore we created block lists that can be used to deny access, download and proliferation of this Malware and its variants.

"Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in October 2008. An early variant of the worm propagated through the Internet by exploiting a vulnerability in the network stack of Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta".

"Although Microsoft released an emergency out-of-band patch in late October to close the vulnerability, the large number of Windows PCs which remained unpatched (estimated at 30%) allowed Conficker to rapidly spread into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer".

"The rise of Conficker, as an event and as a media phenomenon, has as much to do with user inaction as it does with the actual threat posed by the worm itself. The Conficker worm is proof positive of the fact that despite security updates and media reports, users can be the weak link in the security ecosystem unless motivated to action."

There are 5 known variants of Conficker in the wild and they have unique behaviors. Newer variants are using Waledac, a spam botnet, to infect computers with a fake Anti-Virus Trojan, also known as "scareware" or "rogueware". To help system administrators protect their users from this new threat we are distributing Waledac Domain lists formated for the most popular proxy softwares. We recommend daily updates.

Malware Block Lists to block Conficker updates and worm installation are available for non-commercial use in following formats:

	Conficker Block List
BIND like DNS Servers	Testing
DansGuardian	Testing
Firekeeper 0.2.9 or newer	Testing
Hosts file - 127.0.0.1	Testing
Hosts file - 127.0.0.3	Testing
Hosts file - 0.0.0.0	Testing
Hosts file - MacOS pre OS-X	Testing
MaraDNS - CVS2	Testing
SmoothWall	Testing
Squid Web Proxy ACL	Testing
SquidGuard	Testing
Symantec WebSecurity	Testing

Please report any problems using this lists. Our special thanks go to the nice guys from ShadowServer for working on a raw version of the Waledac Domains list.

Please support us. Make a Donation!

Please Donate any amount of money and help us block and remove Malware from the Internet.

Your donation is very important and will be used to pay for server hosting and bandwidth needed to keep this project freely available for non-commercial use.