Conficker C / B++ Autoupdate Capabilities, Detection Tactics and Geometric Detection
Morpheus: "What can you see, Neo?"
Neo: "It's strange. The code is somehow different."
Morpheus: "Encrypted?"
Neo: "Maybe."
Trinity: "Is that good for us, or bad for us?"
Neo: "Well, it looks like every floor is wired with explosives."
Trinity: "Bad for us."
Morpheus: "Here we go."
-The Matrix Reloaded
The "Conficker Cabal" industry consortium is working to lock the domain names the worm uses for command and control. With those domains locked, DNS poisoning may now be the bot creators' best chance of retaking control, so DNS poisoning attempts may serve as an early warning indicator that the worm's authors are trying to reassert control of the infected population. The latest version (Conficker B++ or C) has also implemented an "autoupdate" capability of sorts, perhaps as an alternative method to reassert control.