Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch » The Technological

Conficker Eye Chart

Some people will do anything to appear cool.


Get It

Try It

Those dudes on Windows are so unintimidated by their latest malware epidemic they've gone and formed an action group.

Domain ID:D155734222-LROR
Domain Name:CONFICKERWORKINGGROUP.ORG
Created On:26-Mar-2009 21:50:24 UTC
Last Updated On:26-Mar-2009 22:25:20 UTC
Expiration Date:26-Mar-2010 21:50:24 UTC
Sponsoring Registrar:Network Solutions LLC (R63-LROR)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:40855724-NSI
Registrant Name:The Shadowserver Foundation
Registrant Organization:The Shadowserver Foundation
Registrant Street1:700-76 Broadway
Registrant Street2:Suite 236
Registrant City:Westwood
Registrant State/Province:NJ
Registrant Postal Code:07675
Registrant Country:US
Registrant Phone:+1.212555121
Registrant Email:no.valid.email@worldnic.com
Name Server:NS1.SHADOWSERVER.ORG
Name Server:NS2.SHADOWSERVER.ORG
Name Server:NS3.SHADOWSERVER.ORG

And they've devised a simple test so their friends can see if they're infected or not. They call it the 'Conficker Eye Chart'.



The way it works is this. This latest plague - called 'Conficker' - will try to block access to most of the Windows security cottage industry sites. Such as (of course) F-Secure, SecureWorks, and (always) Trend Micro.

Their own 'explanation' of this test is as follows.

Conficker (aka Downadup, Kido) is known to block access to over 100 anti-virus and security websites.

If you are blocked from loading the remote images in the first row of the top table above (AV/security sites) but not blocked from loading the remote images in the second row (websites of alternative operating systems) then your Windows PC may be infected by Conficker (or some other malicious software).

If you can see all six images in both rows of the top table, you are either not infected by Conficker, or you may be using a proxy server, in which case you will not be able to use this test to make an accurate determination, since Conficker will be unable to block you from viewing the AV/security sites.

But there's something that doesn't add up here. There are three images that are never used.



These represent the mascots of OpenBSD, Linux, and FreeBSD respectively. As these images are never blocked one may assume they're redundant. [The final image on the far right above is supposedly what happens not when you're infected but when you have image loading turned off in your browser. Thanks, guys!]

So why put them there? Indeed. And do these sad people need such an elaborate test anyway? Here's a simpler one. You don't need to check if you have image loading turned on. Nothing like that. Just answer this one question (if you can).

ARE YOU RUNNING WINDOWS?

  • If your answer is yes: who cares if you're infected by Conficker? There are over one hundred thousand other malware epidemics out there with more coming each day. With over one hundred thousand diseases knocking down your door - what do you care about a single one of them? If you're running Windows - get off it!

  • If your answer is no: enjoy your lives. Sit back and laugh like the rest of us at these pathetic people.

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.