The Confiker Virus.
Paul Ferguson
fergdawgster at gmail.com
Mon Mar 30 17:27:15 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, Mar 29, 2009 at 5:16 PM, Richard Golodner
<rgolodner at infratection.com> wrote:
>
> Joe said earlier today:
>> Thanks, the only thing is that these, like most, websites are very vague
> about the mechanics behind the infiltration
>
> Joe, the SRI report would be right up your alley as it is the most
> technical in its analysis of the variants A and B as well as an
> explanation of the algorithm it uses to determine domain names for future
> use of some kind.
>
> http://mtc.sri.com/Conficker/
>
Something folks might be interested in -- a way to detect
Conficker-infected hosts in your network:
https://www.honeynet.org/node/389
FYI,
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)
wj8DBQFJ0QDjq1pz9mNUZTMRAm7SAJ9MZo33Vok1uvyB4H7DML1gUKRlPQCggWtC
bL4g6kI0sc75IDu/fYzv8yI=
=HpOH
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the NANOG
mailing list