Downad.KK/Conficker.C p2p Port Generation Code Exposed
By secgeeks - Posted on April 6th, 2009
581
vote
Yes, we didn’t want to hear any more about this either, but this is actually interesting.
In the process of investigating the WORM_DOWNAD.KK peer-to-peer (P2P) protocol communications, Trend Micro threat researchers have discovered – with the assistance of some external resources – some interesting code which indicates that the basic code functionality has been borrowed from existing documentation going back to (at least) early 1997.
While reviewing documentation made available by CERT-LEXSI (French CERT), with assistance from the great analysis work already done by SRI International, on the WORM_DOWNAD.KK p2p mechanisms, we drew our attention to this particular code in the WORM_DOWNAD.KK P2P port generation routine:
Read more: Conficker P2P Port Generation Code Uncovered | Malware Blog | Trend Micro - http://blog.trendmicro.com/downadkkconfickerc-p2p-port-generation-code-exposed/#ixzz0Bv1liwUV
Bookmark/Search this post with:
Recent comments
30 weeks 5 days ago
33 weeks 2 days ago
1 year 2 weeks ago
1 year 2 weeks ago
1 year 2 weeks ago
1 year 18 weeks ago
1 year 34 weeks ago
2 years 25 weeks ago
2 years 26 weeks ago
2 years 28 weeks ago