Monday, February 13, 2012 - 20:15
From time to time Janet CSIRT may report activity to you that is related to the Conficker worm. Typically this is a record of traffic from an infected host, to a Conficker sinkhole server. These sinkhole servers pretend to be part of the worm’s command and control infrastructure. The worm then attempts to load a web page on the sinkhole server, that were the server real, would contain instructions for the worm.
Our reports typically look like this