Proventia Network IPS, Proventia Desktop, RealSecure Network, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware:
This event triggers when Conficker P2P client traffic is detected transferring data content. When this event is triggered via UDP traffic, it will obey the pam.conficker_p2p.report.interval tuning parameter. When this event is triggered via TCP traffic, then the event will always trigger.
For more information, see: http://www.iss.net/threats/conficker.html
This event triggers when Conficker P2P client traffic is detected transferring data or executable content. When this event is triggered via UDP traffic, it will obey the pam.conficker_p2p.report.interval tuning parameter. When this event is triggered via TCP traffic, then the event will always trigger.
Proventia Network IPS, Proventia Desktop, RealSecure Network, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware: It is highly unlikely that this event will trigger a false positive.
Proventia Network IPS, Proventia Desktop, RealSecure Network, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware: If Conficker changes its encryption scheme, or changes the semantics of the payload, then this event will not trigger.
High
Proventia Network IPS: XPU 29.041, Proventia Desktop: 2381, RealSecure Network: XPU 29.041, RealSecure Server Sensor: XPU 29.041, Proventia-G 1.1 and earlier: XPU 29.041, Proventia Network IDS: XPU 29.041, Proventia Network MFS: XPU 29.041, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.2381, IBM Security Server Protection for Windows: 2.0.300.2381, Proventia Server IPS for Linux technology: 29.041, Virtual Server Protection for Vmware: 1.0
Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows Me, Microsoft Windows XP, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server, Microsoft Windows Vista, Microsoft Windows NT, Microsoft Windows Server 2008
Unauthorized Access Attempt
The Conficker worm is a network worm that targets network endpoints. Conficker builds a bot framework that might be used for spam or stealing confidential information from endpoints. Complete compromise may lead to exposure of confidential information, loss of productivity, and further network compromise.
This network worm spreads by one or more of the following mechanisms:
Use an up-to-date antivirus application to determine if the target computer is host to the Conficker worm. If the application detects a backdoor, follow its instructions to disinfect and repair the computer.
IBM Internet Security Systems Protection Alert, January 22, 2009: Conficker Worm. http://www.iss.net/threats/conficker.html
ISS X-Force: Conficker P2P data transfer detected. http://www.iss.net/security_center/static/49890.php