Conficker Eye Chart: How it works

Mon Apr 13, 2009 3:53PM EDT


Many readers have been wondering what the easiest way is to determine whether their computer has been infected with the Conficker worm. Previously I've pointed them to this Conficker Eye Chart -- and that recommendation still holds -- but now I want to respond to further questions about how it works.

First, some have looked at the spartan Eye Chart and have worried that it might be, at best, a sham designed to lull you into a false sense of security and, at worst, yet another delivery mechanism for the Conficker worm. It is neither. The Conficker Eye Chart is in reality a very clever way to determine if your computer is compromised, and it doesn't require you to do anything but click one link.

Here's how it works, in brief: Visit the web page linked above and you'll see six images: The three on top are for security software websites, and the three on the bottom are the logos of various open source operating system distributions. The clever part of all this is that the logos aren't actually being served from the web page linked above, but are rather drawn directly from the six different websites to which each logo belongs.

Conficker (like many other pieces of malware) blocks your web browser from reaching many security websites, so if you don't see some of the security logos on the page, you probably have a problem. Why include the open source logos below it? Because if they don't show up, you are probably simply experiencing an internet connectivity problem instead of being the victim of a malware attack.

Whatever you see on the Eye Chart page, just scroll down a bit to determine how to interpret the images in question. Different strains of Conficker will cause a different set of logos to appear (since Conficker.B doesn't block the SecureWorks logo). Of course, you should also remember that many other viruses and worms block access to security software websites, so not seeing some or all of the images could also be a symptom of a different infestation. If you see all the logos, you're probably in the clear.

One point to remember is that Conficker's creators -- or someone -- have been attempting to attack the Eye Chart page directly, so the page may not load at all. If that's the case, don't assume you have Conficker; it's probably just a temporary site outage. (I am also getting sporadic reports that some of the images aren't showing up right now -- namely the SecureWorks logo in the upper center -- but again, this is a traffic overload issue. Try back later.)

Instead, try one of these other sites, which are also hosting the exact same Eye Chart and which will work exactly the same way.

  • joestewart.org
  • talkbiz.com
  • confickerworkinggroup.org
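The check described above, sketched as an added example (not the Eye Chart's own code or the author's): each logo is requested from its own host, and the pattern of failures is interpreted. The host names, function names and verdict strings are assumptions, and a logo counts as missing only after every try has failed, to allow for the traffic overload mentioned above.

```javascript
// Added example. The hosts are placeholders (.example), not the real chart's URLs.
const PROBES = ["security-1", "security-2", "security-3", "control-1", "control-2", "control-3"]
  .map((name) => ({ name, kind: name.split("-")[0], url: `https://${name}.example/logo.png` }));

// Browser only: resolves true if the logo loads from its own host, false otherwise.
function probeImage(url, timeoutMs = 8000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    // Cache-buster: a logo already in the browser cache must not count as reachable.
    img.src = url + "?t=" + Date.now();
  });
}

// Pure logic. attempts maps a probe name to one boolean per try; a probe counts
// as missing only if every try failed, so one overloaded request is not a verdict.
function interpret(probes, attempts) {
  const loaded = (p) => (attempts[p.name] || []).some(Boolean);
  const missing = (kind) =>
    probes.filter((p) => p.kind === kind && !loaded(p)).map((p) => p.name);
  const blockedSecurity = missing("security");
  const blockedControl = missing("control");
  let verdict = "probably-clean";
  if (blockedControl.length > 0) verdict = "inconclusive-connectivity";
  else if (blockedSecurity.length > 0) verdict = "security-sites-blocked";
  return { verdict, blockedSecurity, blockedControl };
}

// Browser entry point: probe every host a few times, then interpret the pattern.
async function runChart(tries = 3) {
  const attempts = {};
  for (const p of PROBES) {
    attempts[p.name] = [];
    for (let i = 0; i < tries; i++) attempts[p.name].push(await probeImage(p.url));
  }
  return interpret(PROBES, attempts);
}

// Constructed sample: two security logos never load, every control logo does.
const SAMPLE = {
  "security-1": [false, false, false], "security-2": [false, true, true],
  "security-3": [false, false, false], "control-1": [true, true, true],
  "control-2": [true, true, true], "control-3": [true, true, true],
};
console.log(interpret(PROBES, SAMPLE));
```

The list of blocked security probes is returned alongside the verdict because, as noted above, different strains block different sets of logos.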

Comments on Conficker Eye Chart: How it works


  • 1 Posted by rogueist on Thu Sep 3, 2009 8:49PM EDT

    If you have received the Conficker payload already then the eyechart is useless because the revised payload allows the eye chart to work. An alternate way to see if you have Conficker is to try to visit the Windows Update website using IE. IE will halt and crash with the hourglass spinning if Conficker's payload has been installed. You can also try to run the automated Windows Update. If you can get it to run, you will see that all the updates fail to work. Manually trying to install a new version of IE will also fail. These are all good indications that you have Conficker installed.

  • 2 Posted by stizique on Thu Sep 3, 2009 9:45PM EDT

    With Microsoft...you never know...and the so-called Anti Virus programs...who really knows what these companies are inserting into anyone's computer. I say switch over to Linux.

  • 3 Posted by soinservice on Thu Sep 3, 2009 9:31PM EDT

    I tried and the error message said "the connection to the server was reset during loading." What do you do with that?

  • 4 Posted by cooltd825 on Thu Sep 3, 2009 3:29PM EDT

    Yeah, the link is getting high traffic. I'm using Linux & Vista, and an image or two failed to show. And trust me.. I do NOT have Conficker. I don't wanna take any credit of the ingenuity of the creator of this test, but it's definitely more affected by your internet connection.

  • 5 Posted by jenny6xoxlynn on Thu Sep 3, 2009 4:32PM EDT

    Me too, I clicked the link and it says page load error... hmm I don't know, what's wrong.
