
Conficker eye chart -- reloaded. Also known (in the great tradition) as: Spread this chart

Are you infected with Conficker? My machines can handle the DDoS that Conficker inflicted on the original eye chart's site. See if you're infected here.

On account of the original eye chart at Joe Stewart's site being down, I've taken the liberty of creating this eye chart as a replacement.

How to interpret

If you see this above: It probably means this:
All six images displayed = Normal/Not Infected by Conficker (or using proxy)
Security/AV logos not displayed = Possibly Infected by Conficker (C variant or greater)
Some security/AV logos not displayed = Possibly Infected by Conficker B variant
Lower images (Tux, blowfish, devil) don't appear = 1. Image loading turned off in browser? 2. Verification images most likely being DDoSed (attacked by thousands of machines around the globe). It's okay, the important part is the top images -- do you see them?
Any other combination = Poor Internet connection?

Explanation

Conficker (aka Downadup, Kido) is known to block access to over 100 anti-virus and security websites.

If you are blocked from loading the remote images in the first row of the top table above (AV/security sites) but not blocked from loading the remote images in the second row (websites of alternative operating systems) then your Windows PC may be infected by Conficker (or some other malicious software).

If you can see all six images in both rows of the top table -- or at least the top ones, as the bottom ones seem to be DDoSed at the time -- you are either not infected by Conficker, or you may be using a proxy server, in which case you will not be able to use this test to make an accurate determination, since Conficker will be unable to block you from viewing the AV/security sites.
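The interpretation table and the explanation above reduce to a small decision procedure over which images loaded. The JavaScript below is an added example, not code from this chart or from Joe Stewart's original; the function names, the timeout, the cache-busting parameter and the "inconclusive" result for a missing bottom row with an incomplete top row are assumptions.

```javascript
// Verdict text follows the chart's interpretation table.
const VERDICTS = {
  CLEAN: "Normal/Not infected by Conficker (or using proxy)",
  C_OR_LATER: "Possibly infected by Conficker (C variant or greater)",
  B: "Possibly infected by Conficker B variant",
  CONTROL_DOWN: "Inconclusive: image loading off, or control images unreachable",
  OTHER: "Poor Internet connection?",
};

// security / control: arrays of booleans, true = that row's image loaded.
function interpretChart(security, control) {
  const sec = security.filter(Boolean).length;
  const ctl = control.filter(Boolean).length;
  // Per the page, a fully visible top row is what matters, even if the
  // bottom (control) row is missing.
  if (sec === security.length) return VERDICTS.CLEAN;
  // Without any control image, a missing top row proves nothing (assumption).
  if (ctl === 0) return VERDICTS.CONTROL_DOWN;
  if (ctl < control.length) return VERDICTS.OTHER; // partial control row
  return sec === 0 ? VERDICTS.C_OR_LATER : VERDICTS.B;
}

// Browser-only probe: resolves true if the image loads before the timeout.
function probeImage(url, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    const done = (ok) => { clearTimeout(timer); resolve(ok); };
    img.onload = () => done(true);
    img.onerror = () => done(false);
    // Cache-buster: a logo cached before infection would otherwise hide a block.
    const u = new URL(url);
    u.searchParams.set("t", Date.now().toString());
    img.src = u.href;
  });
}

// probe is injectable so the logic can be exercised without a network.
async function runChart(securityUrls, controlUrls, probe = probeImage) {
  const load = (urls) => Promise.all(urls.map((u) => probe(u)));
  const [security, control] = await Promise.all([load(securityUrls), load(controlUrls)]);
  return interpretChart(security, control);
}
```

As the page notes, a proxy in the path makes the CLEAN result unreliable, because the blocked lookups never happen on the tested machine.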

Detecting Conficker on your network through a port scanner

Net-Security suggests that, to scan for Conficker, you can use a command such as:

 nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

Credits

F-Secure and the F-Secure Logo are trademarks of F-Secure Corporation.
SecureWorks and the SecureWorks Logo are registered trademarks of SecureWorks Inc.
Trend Micro and the T-Ball logo are trademarks or registered trademarks of Trend Micro Inc.
The Conficker Eye Chart is a concept by Joe Stewart. This derivative work was set up to help Joe Stewart's efforts.
Copyleft 2009.

If this machine survives the current hundreds-of-hits-per-second traffic storm, consider GPLHost for your next Web service venture (I'm using a 768 MB RAM VPS). And, for your next consulting need, consider me. I used WordPress; today, I use Plone. So far, I seem to know what I'm doing to serve big traffic, and I hope you'll let me do that for you too.
