[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The Confiker Virus.

Subject: The Confiker Virus.
From: fergdawgster at gmail.com (Paul Ferguson)
Date: Mon, 30 Mar 2009 10:27:15 -0700
In-reply-to: <000001c9b0cc$c6126100$52372300$@com>
References: <[email protected]> <002f01c9b0cb$0b0f6de0$0101a8c0@E520> <000001c9b0cc$c6126100$52372300$@com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Mar 29, 2009 at 5:16 PM, Richard Golodner
<rgolodner at infratection.com> wrote:

>
>        Joe said earlier today:
>> Thanks, the only thing is that these, like most, websites are very vague
> about the mechanics behind the infiltration
>
>        Joe, the SRI report would be right up your alley as it is the most
> technical in its analysis of the variants A and B as well as an
> explanation of the algorithm it uses to determine domain names for future
> use of some kind.
>
> http://mtc.sri.com/Conficker/
>

Something folks might be interested in -- a way to detect
Conficker-infected hosts in your network:

https://www.honeynet.org/node/389

FYI,

- - ferg


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFJ0QDjq1pz9mNUZTMRAm7SAJ9MZo33Vok1uvyB4H7DML1gUKRlPQCggWtC
bL4g6kI0sc75IDu/fYzv8yI=
=HpOH
-----END PGP SIGNATURE-----


-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

Follow-Ups:
- The Confiker Virus.
  - From: joesox at gmail.com (JoeSox)

References:
- The Confiker Virus.
  - From: bgreene at senki.org (Barry Raveendran Greene)
- The Confiker Virus.
  - From: jbfixurpc at gmail.com (Joe Blanchard)
- The Confiker Virus.
  - From: rgolodner at infratection.com (Richard Golodner)

Prev by Date: The Confiker Virus hype and measures
Next by Date: The Confiker Virus hype and measures
Previous by thread: The Confiker Virus.
Next by thread: The Confiker Virus.
Index(es):
- Date
- Thread