< Waledac Takedown Successful | "Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries" >

Waledac Infection Check

admin
Ben Stock has implemented a web service to check a given IP address for infection with Waledac, similar to the Conficker Eye Chart. The idea is that we are currently tracking Waledac as part of the take-down effort and thus we have a pretty good overview of the individual bots within the botnet. Therefore we are in a position to determine if we have seen a given IP address in the recent past as a bot, which indicates that this IP address might be related to a Waledac infection. Of course, effects like NAT or DHCP need to be taken into account: if an IP address is not listed, this does not necessarily mean that you are not infected.

The check is available at http://mwanalysis.org/waledac/, feedback is welcome!
This entry was posted by Thorsten Holz on Tuesday, March 2. 2010 at 22:29. and is filed under admin, malware. You can leave a response, or trackback from your own blog.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

  1. ip lawyers says:
    #1 2011-10-05 22:01 (Reply)

    I think it's incredible what you are doing with IP addresses. It's great to see malware and other obtrusive behavior be combated like this. I look forward to seeing what else you do to protect our intellectual property!


Add Comment


E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA 1CAPTCHA 2CAPTCHA 3CAPTCHA 4CAPTCHA 5