FREE HoneyPoint to Capture Conflicker Infections

MSI is proud to announce the instant availability of a LINUX ONLY HoneyPoint GUI tool to capture Conflicker scans and probes.

Conflicker is a significant threat and is expected to wreak havok on April 1, 2009. You can find a ton of information about Conflicker here from various vendors via SANS.

The HoneyPoint Special Edition: Conflicker runs in Linux and is easy to use with just about any LiveCD distro (including Puppy/DSL/gOS, etc.) and should make it easy for organizations to monitor their network spaces with a scattersensing approach. We chose not to release an OS X version to avoid issues with root authentication and Windows was not possible, since the detection requires binding to port 445/TCP which Windows uses for CIFS.

This application is our attempt to help organizations around the world defend themselves and their assets against this bleeding edge threat using rational, safe and effective detection mechanisms at the network level.

You can download the zip file from here.

Please let us know your thoughts.

7 thoughts on “FREE HoneyPoint to Capture Conflicker Infections

  1. I saw your blog post. Thanks for the feedback. I should have included a readme.

    Basically, you execute the application as root on a Linux box (preferably one without Samba) (a LiveCD such as Puppy Linux will also work). The instructions for it’s use are in the How To: window of the application, but you just click start and the application will dilate port 445/tcp with a HoneyPoint listener. Then you wait for probes to arrive from conficker scans and the app will log the source IP addresses to the log window. Treat all source IP addresses as infected hosts and investigate them in accordance with your site’s security policy.

    Let me know if you have other questions. Good hunting!

  2. Neither. The tool is not a scanner, it is a honeypot for capturing incoming probes from Conficker compromised hosts.

    Once the worm is in control of a system, it uses that system to scan for other victims. The scanning is what this product is aimed at catching.

    See to learn more about the basic concepts behind this approach.

Leave a Reply