The Honeynet Project has discovered an anomaly in Conficker that makes it possible to detect infected hosts with an elaborate fingerprint scan over the network. This is great news if you suspect an infection and have no other means to check, or if you simply want to double-check information that your other defense mechanisms (IDS, AntiVirus, etc) provide.

The write-up and scanning tool are available on the Honeynet Website.

There are reports ob a bad signature update of Trend Micro today. The reported effects seem to vary from blocking IBM's Domino, non-functional Oracle servers over false postives to blocking the entire collection of machines.

The bad signature seems to be revision 4.995. Version 4.997 is supposed to not exhibit the problem any longer.

Trend Support Note