Description of a method to detect earlystate Conficker worm infections through blocklists
fitting the needs of small and medium enterprises.
You can download the full document in pdf format here
Conficker is a computer worm spreading on Windows operating system by mainly
using a buffer overflow or the Windows Autorun feature. The worm itself does not contain
malware functions but contains a routine to load such code after infection. The purpose of
this article is to sketch a way to detect such a worm in a small to medium business network
as early as possible so that the effects of the worm can be minimized.