Conficker eye chart -- reloaded. Also known (in the great tradition) as: Spread this chart
On account of the original eye chart at Joe Stewart's site being down, I've taken the liberty of creating this eye chart as a replacement.
How to interpret
|If you see this above:||It probably means this:|
|All six images displayed||= Normal/Not Infected by Conficker (or using proxy)|
|Security/AV logos not displayed||= Possibly Infected by Conficker (C variant or greater)|
|Some security/AV logos not displayed||= Possibly Infected by Conficker B variant|
|Lower images don't appear (Tux, blowfish, devil)|| |
|Any other combination||= Poor Internet connection?|
Conficker (aka Downadup, Kido) is known to block access to over 100 anti-virus and security websites.
If you are blocked from loading the remote images in the first row of the top table above (AV/security sites) but not blocked from loading the remote images in the second row (websites of alternative operating systems) then your Windows PC may be infected by Conficker (or some other malicious software).
If you can see all six images in both rows of the top table -- or at least the top ones, as the bottom ones seem to be DDoSed at the time -- you are either not infected by Conficker, or you may be using a proxy server, in which case you will not be able to use this test to make an accurate determination, since Conficker will be unable to block you from viewing the AV/security sites.
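The chart's logic can also be written down as code. The sketch below is an added example, not part of the original chart or of Joe Stewart's page: it probes each image the way a browser loads an img tag and applies the interpretation rules above. The function names, the 'security'/'control' group labels and the probe URLs (supplied by the caller) are assumptions.

```javascript
// Added example: the eye chart's decision logic. Probe URLs are supplied by
// the caller (assumption); none are taken from the original page.
const VERDICTS = {
  CLEAN_OR_PROXY: 'Normal / not infected by Conficker (or using a proxy)',
  POSSIBLE_C: 'Possibly infected by Conficker (C variant or greater)',
  POSSIBLE_B: 'Possibly infected by Conficker B variant',
  INCONCLUSIVE: 'Inconclusive (poor Internet connection?)',
};

// results: [{ group: 'security' | 'control', loaded: boolean }, ...]
function interpretChart(results) {
  const row = (g) => results.filter((r) => r.group === g);
  const security = row('security');
  const control = row('control');
  if (security.length === 0 || control.length === 0) return VERDICTS.INCONCLUSIVE;

  const secLoaded = security.filter((r) => r.loaded).length;
  const controlOk = control.every((r) => r.loaded);

  // Top row fully visible: nothing is blocking the AV/security sites,
  // whatever the bottom row does (its hosts may simply be overloaded).
  if (secLoaded === security.length) return VERDICTS.CLEAN_OR_PROXY;
  // A missing top-row image only means something if the control row
  // shows that the connection itself works.
  if (!controlOk) return VERDICTS.INCONCLUSIVE;
  return secLoaded === 0 ? VERDICTS.POSSIBLE_C : VERDICTS.POSSIBLE_B;
}

// Browser-only helper: resolves true if the image loads, false on error
// or after timeoutMs.
function probeImage(url, timeoutMs = 8000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    // Cache-buster so a cached logo does not mask a blocked host.
    img.src = url + (url.includes('?') ? '&' : '?') + 'nocache=' + Date.now();
  });
}

// targets: [{ group, url }, ...] -> verdict string
async function runChart(targets) {
  const loaded = await Promise.all(targets.map((t) => probeImage(t.url)));
  return interpretChart(targets.map((t, i) => ({ group: t.group, loaded: loaded[i] })));
}
```

As with the chart itself, a result of "normal" from behind a proxy server says nothing about the machine.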
Detecting Conficker on your network through a port scanner
Net-Security suggests that, to scan for Conficker, you can run a command such as:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]
F-Secure and the F-Secure Logo are trademarks of F-Secure Corporation.
SecureWorks and the SecureWorks Logo are registered trademarks of SecureWorks Inc.
Trend Micro and the T-Ball logo are trademarks or registered trademarks of Trend Micro Inc.
The Conficker Eye Chart is a concept by Joe Stewart. This derivative work was set up to help Joe Stewart's efforts.
If this machine survives the current hundreds-of-hits per second traffic storm, consider GPLHost for your next Web service venture (I'm using a 768 MB RAM VPS). And, for your next consulting need, consider me. Back in the day, I used WordPress; today, I use Plone. So far, I seem to know what I'm doing to serve big traffic, and I hope you'll let me do that for you too.