[Emerging-Sigs] conficker domain rules

Jack Pepper pepperjack at afferentsecurity.com
Mon Jan 19 23:17:50 EST 2009

The previous conficker domain ruleset was 3750 rules.  that seemed a  
bit much.  I have created an alternate "regex from hell" version that  
uses PCRE to map the same 3750 domains into just 56 rules (at the  
price of some serious PCRE hashing).  You do what works for you.

Detailed rules: http://www.autoshun.org/downloads/conficker.rules

PCRE based rules: http://www.autoshun.org/downloads/rconficker.rules

don't load them both, that's just pointless.



Framework?  I don't need no stinking framework!

@fferent Security Labs:  Isolate/Insulate/Innovate  

More information about the Emerging-sigs mailing list