The Confiker Virus.

Paul Ferguson fergdawgster at gmail.com
Mon Mar 30 17:27:15 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Mar 29, 2009 at 5:16 PM, Richard Golodner
<rgolodner at infratection.com> wrote:

>
>        Joe said earlier today:
>> Thanks, the only thing is that these, like most, websites are very vague
> about the mechanics behind the infiltration
>
>        Joe, the SRI report would be right up your alley as it is the most
> technical in its analysis of the variants A and B as well as an
> explanation of the algorithm it uses to determine domain names for future
> use of some kind.
>
> http://mtc.sri.com/Conficker/
>

Something folks might be interested in -- a way to detect
Conficker-infected hosts in your network:

https://www.honeynet.org/node/389

FYI,

- - ferg


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFJ0QDjq1pz9mNUZTMRAm7SAJ9MZo33Vok1uvyB4H7DML1gUKRlPQCggWtC
bL4g6kI0sc75IDu/fYzv8yI=
=HpOH
-----END PGP SIGNATURE-----


-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the NANOG mailing list