Conficker is a network worm that targets the Microsoft Windows family, including Windows 2000, Windows XP, Windows Server 2003 and Windows Vista. This article collects some notes on how to find out which computers on our network are infected by Conficker, using free tools.
When a single computer is found to be infected, cleaning the worm and repairing the damage is straightforward. On a network, however, the administrator needs a way to tell which computers are infected and which are not. Conficker spreads to other computers through the Windows file-sharing service on TCP port 445 (the SMB flaw patched by MS08-067). In addition, an infected host opens a randomly chosen port between 1024 and 10000 from which it serves its payload over HTTP to the machines it attacks, so later variants also generate traffic in that port range.
Several security vendors provide free tools that make it easier to detect Conficker on a network. In this article we use Wireshark.
Wireshark (formerly called Ethereal) is a network analyser used by many network administrators to examine network traffic and performance. It is popular because it has a graphical user interface (GUI), which makes it easy to capture and inspect traffic, and it is available for Windows, Linux, Mac OS X and other operating systems.
With Wireshark we can capture and inspect the packets generated by a Conficker infection. On Windows, Wireshark needs the WinPcap capture driver (bundled with the installer) to read packets from the network interface. The MATE (Meta Analysis and Tracing Engine) plugin, which is disabled by default, can correlate packets across different protocols, but plain display filters are enough for the checks described here. Keep in mind that Wireshark only sees traffic that reaches the capturing interface: on a switched network, capture from a mirror (SPAN) port or directly on the machine you suspect is infected.
To find infected machines, look at the NBNS (NetBIOS Name Service) traffic: Conficker resolves the names of the hosts it tries to attack, so the NBNS queries (display filter nbns) show which hostnames a machine is looking up. Combine this with a filter for new SMB connection attempts, tcp.dstport == 445 && tcp.flags.syn == 1 && tcp.flags.ack == 0: an infected host stands out as a single source sending connection attempts to many different destinations within a short time, and Statistics > Conversations shows the same picture per host. Once we know the address or hostname doing the scanning, we know which computer is infected, and the names it queries tell us which computers it tried to attack.
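The same check can be automated on an exported capture instead of reading the packet list by eye. The script below is an added example, not part of the original article or of Wireshark: it assumes the capture was exported with tshark in the field order shown in its docstring, the thresholds (10 distinct targets inside a 60-second window) are assumed values to tune for your network, and the sample records are constructed to show one scanning host, one normal client and one slow administrative host that must not be flagged.

```python
"""
Flag hosts whose SMB traffic looks like Conficker scanning.

Input lines are assumed to come from (field order matters):
  tshark -r capture.pcap -T fields -E separator=, \
      -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport \
      -e tcp.flags.syn -e tcp.flags.ack -e nbns.name
Boolean fields print as 1/0 in older tshark and True/False in newer ones;
both forms are accepted.
"""
import csv
import io
from collections import defaultdict

# Constructed sample records (not a real capture), in the field order above.
# 192.168.1.20: normal client opening one SMB session to the file server.
# 192.168.1.10: scanner hitting 12 different hosts on 445 within ~1 second.
# 192.168.1.30: admin host touching 3 servers, spaced 20 minutes apart.
SAMPLE_TSHARK_OUTPUT = """\
99.90,192.168.1.20,192.168.1.255,,,,FILESRV
100.00,192.168.1.20,192.168.1.5,445,1,0,
100.01,192.168.1.5,192.168.1.20,49152,1,1,
120.00,192.168.1.10,192.168.1.255,,,,PC01
120.01,192.168.1.10,192.168.1.11,445,1,0,
120.02,192.168.1.10,192.168.1.12,445,1,0,
120.03,192.168.1.10,192.168.1.13,445,1,0,
120.04,192.168.1.10,192.168.1.14,445,1,0,
120.05,192.168.1.10,192.168.1.15,445,1,0,
120.06,192.168.1.10,192.168.1.255,,,,PC02
120.07,192.168.1.10,192.168.1.16,445,1,0,
120.08,192.168.1.10,192.168.1.17,445,1,0,
120.09,192.168.1.10,192.168.1.18,445,1,0,
120.10,192.168.1.10,192.168.1.19,445,1,0,
120.11,192.168.1.10,192.168.1.20,445,1,0,
120.12,192.168.1.10,192.168.1.21,445,1,0,
120.13,192.168.1.10,192.168.1.22,445,1,0,
200.00,192.168.1.30,192.168.1.40,445,1,0,
1400.00,192.168.1.30,192.168.1.41,445,1,0,
2600.00,192.168.1.30,192.168.1.42,445,1,0,
"""


def _flag(value):
    """tshark boolean field -> bool (handles '1'/'0' and 'True'/'False')."""
    return value in ("1", "True")


def parse_records(text):
    """Parse tshark CSV lines into dicts; skips malformed lines."""
    records = []
    for fields in csv.reader(io.StringIO(text)):
        if len(fields) != 7:
            continue
        t, src, dst, dport, syn, ack, name = fields
        records.append({
            "t": float(t),
            "src": src,
            "dst": dst,
            "dport": int(dport) if dport else None,
            "syn": _flag(syn),
            "ack": _flag(ack),
            "name": name,
        })
    return records


def find_scanners(records, window=60.0, min_targets=10):
    """Return {src: {...}} for sources that send SYNs (no ACK) to TCP 445
    at >= min_targets distinct hosts inside any sliding window of `window`
    seconds. NBNS names the source queried are reported alongside, since
    they show which hostnames it was looking up."""
    syns = defaultdict(list)   # src -> [(time, dst)]
    nbns = defaultdict(set)    # src -> {queried names}
    for r in records:
        if r["name"]:
            nbns[r["src"]].add(r["name"])
        if r["dport"] == 445 and r["syn"] and not r["ack"]:
            syns[r["src"]].append((r["t"], r["dst"]))

    hits = {}
    for src, events in syns.items():
        events.sort()
        best = 0
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {dst for _, dst in events[start:end + 1]}
            best = max(best, len(distinct))
        if best >= min_targets:
            hits[src] = {
                "targets_in_window": best,
                "nbns_names": sorted(nbns.get(src, ())),
            }
    return hits


if __name__ == "__main__":
    for src, info in find_scanners(parse_records(SAMPLE_TSHARK_OUTPUT)).items():
        print(f"{src}: {info['targets_in_window']} SMB targets in 60s, "
              f"NBNS lookups: {', '.join(info['nbns_names']) or '-'}")
```

The sliding window is what keeps the slow administrative host out of the result: it does reach several servers on port 445, but never enough of them in one minute. Lower min_targets if your segment is small, and remember that a scanner on a different VLAN will not appear unless that traffic is mirrored to the capture point.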
We can download Wireshark at http://www.wireshark.org/download.html