SRI International's Malware Threat Center has released the code to their scanner/detector for Conficker's "C" version. The official locations are:
Conficker C P2P Detection Modules (SourceFire ported the SRI module to their SO rule interface):
If any readers have used SRI's tools and want to comment about them, please use our contact form or login and use the comment feature below.
We want to again express our thanks to the team at SRI International for their ongoing analysis of the Conficker worm, as well as to all of the volunteers of the Conficker Working Group who continue to coordinate the mitigation of the worm's effects.
Marcus H. Sachs
Apr 5th 2009
9 years ago