On April 1st the Conficker.C virus (probably the most virulent MSWin virus to date) is due to "activate". By activate I mean that thus far it has been just spreading itself, but once the host time reaches April 1, it will begin attempting to contact 50,000 randomly generated domain names per day, looking for a host to download an update from. What this update will be, nobody knows. It could be anything from new improved code, to deleting the hard disk, to popping up a picture of a LOLcat and uninstalling itself.

Why would Linux folks care about a Windows virus? Because if you have any infected Windows machines on your network, this virus can cause excessive traffic as it tries to locate a payload update, not to mention the network scanning it does in attempts to infect other hosts.

Here is some information on this nasty bugger:
http://en.wikipedia.org/wiki/Conficker

Here you can find a Python script and also a version of nmap specially designed to locate infected machines:
http://www.doxpara.com/?p=1294

Here is an excellent paper on Conficker:
http://www.honeynet.org/papers/conficker/

Direct link to the PDF:
http://www.honeynet.org/files/KYE-Conficker.pdf
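The lookup behaviour described in the message above is visible from the resolver side, so here is an added example (not part of the original post, and not the script or nmap build it links to) that flags clients whose daily DNS queries are mostly failed lookups for many distinct names. The log format, the thresholds and all function names are assumptions made for illustration, and the sample lines are constructed.

```python
from collections import defaultdict

# Assumed (hypothetical) resolver log format, one query per line:
#   <ISO timestamp> <client-ip> <queried-name> <rcode>
def parse_line(line):
    parts = line.split()
    if len(parts) != 4:
        return None  # skip malformed lines instead of failing the whole run
    stamp, client, qname, rcode = parts
    return stamp[:10], client, qname.lower().rstrip("."), rcode.upper()

def suspicious_clients(lines, min_distinct=200, min_fail_ratio=0.9):
    """Return {(day, client): (distinct_names, nxdomain_ratio)} for noisy hosts.

    Thresholds are assumptions; tune them against a baseline of your own network.
    """
    names = defaultdict(set)   # every distinct name a client asked for, per day
    failed = defaultdict(set)  # the subset that came back NXDOMAIN
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        day, client, qname, rcode = rec
        names[(day, client)].add(qname)
        if rcode == "NXDOMAIN":
            failed[(day, client)].add(qname)
    flagged = {}
    for key, seen in names.items():
        ratio = len(failed[key]) / len(seen)
        if len(seen) >= min_distinct and ratio >= min_fail_ratio:
            flagged[key] = (len(seen), round(ratio, 2))
    return flagged

def constructed_sample():
    """Constructed log lines: one ordinary workstation, one noisy host."""
    lines = []
    for i in range(40):  # ordinary host: few names, all resolve
        lines.append(f"2009-04-01T09:{i:02d}:00 192.0.2.10 www{i % 5}.example.org NOERROR")
    for i in range(300):  # noisy host: many distinct names, almost all fail
        rcode = "NOERROR" if i % 100 == 0 else "NXDOMAIN"
        lines.append(f"2009-04-01T10:00:{i % 60:02d} 192.0.2.77 name{i:04d}.example.net {rcode}")
    lines.append("garbage line")  # malformed entry, ignored by the parser
    return lines

if __name__ == "__main__":
    for (day, client), (count, ratio) in suspicious_clients(constructed_sample()).items():
        print(f"{day} {client}: {count} distinct names, {ratio:.0%} NXDOMAIN")
```

A host flagged this way is a candidate for the scanners linked above, not a confirmed infection.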