mailing list archives
Re: Conficker - your opion on how to determine the source of infection on a given network
From: "Tiflin, Conrad (ZA - Cape Town)" <ctiflin () deloitte co za>
Date: Thu, 13 Aug 2009 19:55:01 +0200
Quick Question to all.
I would like to identify the SOURCE computer where the "downadup.a" worm variant originated a given network which has
Minimal thinking tells me that I should search for the computer that's running an HTTP server between ports [1024 and
10000] - the result may be the source.
Anyone else have better ideas to determine the source computer on a network from which conficker originated?
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of madunix
Sent: 23 February 2009 09:54 AM
To: pen-test () securityfocus com
Subject: Microsoft bounty for worm creator!
"A reward of $250,000 (£172,000) has been offered by Microsoft to find
who is behind the Downadup/Conficker virus."
Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer")
that must be accessed and read by visiting our website and viewing the webpage at the following address:
http://www.deloitte.com/za/disclaimer. The Disclaimer is deemed to form part of the content of this email in terms of
Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer,
please obtain a copy thereof from us by sending an email to zaitservicedesk () deloitte co za
Re: Conficker - your opion on how to determine the source of infection on a given network Gerardo Castillo Alvarado (Aug 26)
Re: Conficker - your opion on how to determine the source of infection on a given network Alexander Bas (Aug 26)