Signature Detail

Short Name	WORM:CONFICKER:C-ACTIVITY
Severity	Info
Recommended	No
Category	WORM
Keywords	Worm Conficker.C Conficker Downadup
Release Date	2009/03/30
Update Number	1394
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

WORM: Conficker.C Activity

This signature detects traffic sent by the C variant of the Conficker/Downadup worm. The source address of the session may be infected with the worm and should be checked. Blocking using this signature has no effect in mitigating the spread of this worm. This signature can false positive on some Web browsers. To reduce the chance of false positives, it is recommended you apply this signature on outbound traffic going to the Internet and not on inbound traffic coming from the Internet.

References

URL: http://www.microsoft.com/conficker
URL: http://www.sophos.com/sophos/docs/eng/marketing_material/conficker-analysis.pdf

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

WORM: Conficker.C Activity

References