March 25, 2009, 11:14 AM — Is everyone ready for Conficker's April 1 surprise? Brent Huston, CEO of security firm MicroSolved, Inc. twittered that his infosec team is still seeing "a lot of scans on the HITME and from HoneyPoint clients".
To help companies detect Conficker scans and probes on their networks, MicroSolved is offering a free tool - a Linux-only HoneyPoint GUI. You can download the zip file from here.
According to the MicroSolved's State of Security site: "The HoneyPoint Special Edition: Conficker runs in Linux and is easy to use with just about any LiveCD distro (including Puppy/DSL/gOS, etc.) and should make it easy for organizations to monitor their network spaces with a scattersensing approach. We chose not to release an OS X version to avoid issues with root authentication and Windows was not possible, since the detection requires binding to port 445/TCP which Windows uses for CIFS." Read the full post here.
The tool will expire on April 30th, 2009, after which time it will cease to function.
Conficker is a significant threat and is expected to wreak havok on April 1, 2009 (See Conficker.C variant set for April 1st surprise, CA says) and the Internet Storm Center for the latest update.