
analyze infected network by conficker ?

<<

nubie

Newbie

Posts: 34

Joined: Mon Jun 23, 2008 9:03 pm

Post Tue Nov 10, 2009 11:28 pm

analyze infected network by conficker ?

Hi, I need advice please. There is Conficker on my network. Although all PCs are now clean, there are some questions I need to ask. If I plug a new/unpatched PC (XP) into the network, at some unknown time the AV will warn about Conficker. So I tried running Wireshark on the new/unpatched PC, and sometimes I get random packets from source to destination on different ports, but at random times too.

Could anyone give me some advice about what next step I should take? I have blocked some PCs which tried to connect to the Conficker server; I had seen the activity in my router log.

Thanks a lot.  :)

Regards,
Nubie
<<

johnfellers

Post Wed Nov 11, 2009 7:01 am

Re: analyze infected network by conficker ?

I just want to double check with you to make sure that I understand correctly. You have cleaned ALL of the machines on your network and the Conficker traffic is coming from outside of your network. And you saw the traffic on your router?

Let me know if this is correct. Thanks!

john
<<

nubie

Newbie

Posts: 34

Joined: Mon Jun 23, 2008 9:03 pm

Post Wed Nov 11, 2009 8:02 pm

Re: analyze infected network by conficker ?

Yes, that's correct, johnfellers, but when I use Wireshark on the unpatched new PC to sniff packets on the network, the AV gives a warning, but the source comes from a PC on the network. In Wireshark, when I right-click a packet and follow the TCP stream, the AV pops up and warns about Conficker.


Thanks a lot for your reply, and I very much hope for your advice please.  :)

Regards,
Nubie
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Nov 15, 2009 11:33 am

Re: analyze infected network by conficker ?

Then it sounds like there is still an infected machine on your network.
twitter.com/timmedin | http://blog.securitywhole.com
<<

nubie

Newbie

Posts: 34

Joined: Mon Jun 23, 2008 9:03 pm

Post Sun Nov 15, 2009 7:43 pm

Re: analyze infected network by conficker ?

Yes, I've been thinking that too. However, when I checked that machine again, no Conficker was found. Is it possible for the new unpatched PC to be the gateway for Conficker to other machines on the network? In the packets I've seen in Wireshark, sometimes the new unpatched PC is the source and the destination is some (patched) machine on the network.

Thanks a lot for your reply, timmedin.  :)

Regards,
Nubie
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Nov 29, 2009 12:12 am

Re: analyze infected network by conficker ?

Could be, but that doesn't seem likely.
twitter.com/timmedin | http://blog.securitywhole.com
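
One way to follow up on the suggestion in this thread that a machine on the network is still infected, as an added example that is not part of any poster's reply: rank LAN hosts by how many distinct peers they open SMB connections to. It assumes Conficker's network spreading over the Windows Server service (MS08-067, TCP 445, with 139 included here); the addresses, subnet, threshold and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, one outbound SYN per line as "src<TAB>dst<TAB>dport".
# A capture can be exported in this shape with, for example:
#   tshark -r capture.pcap -Y "tcp.flags.syn==1 && tcp.flags.ack==0" \
#          -T fields -e ip.src -e ip.dst -e tcp.dstport
SAMPLE = "\n".join([
    "192.168.1.23\t192.168.1.10\t445",
    "192.168.1.23\t192.168.1.10\t445",   # retry to the same peer: counted once
    "192.168.1.23\t192.168.1.11\t445",
    "192.168.1.23\t192.168.1.12\t445",
    "192.168.1.23\t192.168.1.13\t445",
    "192.168.1.23\t192.168.1.14\t445",
    "192.168.1.23\t192.168.1.15\t445",
    "192.168.1.40\t192.168.1.5\t445",    # ordinary client -> file server
    "192.168.1.40\t203.0.113.7\t80",     # web traffic, ignored
    "garbled line without fields",       # skipped by the parser
])

SMB_PORTS = {139, 445}                        # assumption: SMB, the MS08-067 target
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the local subnet

def parse(text):
    """Yield (src, dst, dport) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]),
                   ipaddress.ip_address(parts[1]), int(parts[2]))
        except ValueError:
            continue

def smb_fanout(text, lan=LAN):
    """Map each LAN source to the number of distinct peers it opened SMB to."""
    peers = defaultdict(set)
    for src, dst, port in parse(text):
        if src in lan and port in SMB_PORTS:
            peers[str(src)].add(str(dst))
    return {host: len(dsts) for host, dsts in peers.items()}

def suspects(text, threshold=5, lan=LAN):
    """LAN hosts whose SMB fan-out meets the threshold, widest first."""
    fan = smb_fanout(text, lan)
    return sorted((h for h, n in fan.items() if n >= threshold),
                  key=lambda h: -fan[h])
```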
