Detecting Conficker in your Network
Description of a method to detect earlystate Conficker worm infections through blocklists fitting the needs of small and medium enterprises.
You can download the full document in pdf format here.
Conficker is a computer worm spreading on Windows operating system by mainly using a buffer overflow or the Windows Autorun feature. The worm itself does not contain malware functions but contains a routine to load such code after infection. The purpose of this article is to sketch a way to detect such a worm in a small to medium business network as early as possible so that the effects of the worm can be minimized.