Speaking at RSA

April 17th, 2009

The 2009 RSA conference kicks off next week in San Francisco. It looks like a busy week for me - I’ll be presenting first on Tuesday, April 21st at the SecureWorks booth on the show floor at 1:00 PM PDT. This will be a “Conficker Q&A” session. I’ll be answering questions with the knowledge I’ve gained from reverse-engineering Conficker and also from my participation in the Conficker Working Group. So, if you have any burning questions about the threat posed by the Conficker worm, drop by the booth at that time and I’ll try to answer them.

Conficker Eye Chart

April 2nd, 2009

I’ve been working on a few different ways to detect Conficker via a web page load. I originally came up with a JavaScript method but I decided to go with a simpler approach using only images. Thus, the Conficker Eye Chart was born. It’s a simple visual test you can use to evaluate a Windows PC just by surfing to that page and looking at the images. It doesn’t work if you’re behind a web proxy (since the proxy will resolve the remote sites for you, bypassing Conficker’s blocking ability). But if you are behind a proxy, you should already be getting your Windows updates (including the MSRT tool) on time and updates from your anti-virus company as normal, so you shouldn’t be infected, right?
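
A scripted take on the same image-load test, added here as an illustration; it is not the Eye Chart's code or the JavaScript method mentioned above. The hostnames are placeholders, and the two-group layout (security sites plus unrelated control sites) and the verdict names are assumptions of this sketch.

```javascript
// Added example. Placeholder hosts: substitute real image URLs from security
// sites and from unrelated sites that serve as a baseline.
const PROBES = [
  { url: "https://security-vendor-a.example/logo.png", group: "security" },
  { url: "https://security-vendor-b.example/logo.png", group: "security" },
  { url: "https://control-site-a.example/logo.png", group: "control" },
  { url: "https://control-site-b.example/logo.png", group: "control" },
];

// Load one image in the browser; resolves true on load, false on error/timeout.
function probe(url, makeImage, timeoutMs) {
  return new Promise((resolve) => {
    const img = makeImage();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    // Cache-buster so a cached copy cannot hide a blocked lookup.
    img.src = url + "?nocache=" + Date.now();
  });
}

// Turn per-image results into a verdict. Control images give the baseline:
// if they fail too, the cause is connectivity or disabled images, not blocking.
function classify(results) {
  const loaded = (g) => results.filter((r) => r.group === g && r.loaded).length;
  const total = (g) => results.filter((r) => r.group === g).length;
  const sec = loaded("security");
  if (loaded("control") === 0) return "inconclusive";
  // Behind a web proxy this verdict proves nothing: the proxy resolves the
  // remote names, so blocking on the client is never exercised.
  if (sec === total("security")) return "no-blocking-seen";
  if (sec === 0) return "security-sites-blocked";
  return "partial-block";
}

// Browser entry point: probe every image in parallel, then classify.
async function runChart(makeImage = () => new Image(), timeoutMs = 5000) {
  const results = await Promise.all(PROBES.map(async (p) => ({
    ...p,
    loaded: await probe(p.url, makeImage, timeoutMs),
  })));
  return { verdict: classify(results), results };
}
```

A "security-sites-blocked" or "partial-block" verdict means something on the host or network is interfering with access to security sites and warrants a proper scan; it does not identify Conficker specifically.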