Latest on Conficker

Published: 2009-03-20
Last Updated: 2009-03-20 02:48:08 UTC
by Marcus Sachs (Version: 1)
1 comment(s)

The researchers at SRI International updated their Conficker paper today.  This is by far one of the best analyses of the Conficker malware.  More malware information is available at SRI's Malware Resource Center.

Another good Conficker article was published in the New York Times today; you have to subscribe to read it but the subscription is free.  Be sure to also read the NYT article about the Conficker Cabal, the group of experts working behind the scenes to bring the Conficker botnet under control.

We've got more information on Conficker in a previous diary (be sure to follow the links back to the earlier diaries about Conficker).  Also, lots of information on how to protect yourself is in this diary.

Marcus H. Sachs
Director, SANS Internet Storm Center

One thing I've been wondering about the Conficker update mechanism: assuming you have control over your own DNS, would it be possible to simply use the domain name generation logic to blackhole all the domains for the current day (or, perhaps, for D-1 and D+1)? Would that prevent the worm from propagating, at least on all machines that use your DNS servers?
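The resolver-side blackhole the comment above asks about, as an added example that is not part of the diary or the comment. It does not reproduce Conficker's real domain generation algorithm: `toy_dga` is a hypothetical date-seeded stand-in (SHA-256 over the date and an index, 250 names per day, cycling over three TLDs) used only to show the mechanics. The script builds the D-1, D, D+1 window the comment suggests and emits dnsmasq `address=/name/ip` lines that answer those names with a sink address; `SINK_IP` and the TLD list are assumptions. Note that this only affects hosts that actually use the resolver carrying the config, and it only interferes with the rendezvous/update channel, not with whatever vector the worm uses to reach unpatched hosts.

```python
import datetime
import hashlib

# Assumed sink address; 0.0.0.0 makes the infected host's connect() fail locally.
SINK_IP = "0.0.0.0"
# Illustrative TLD rotation; not Conficker's real list.
TLDS = ("com", "net", "org")
DOMAINS_PER_DAY = 250


def toy_dga(day, count=DOMAINS_PER_DAY):
    """Hypothetical date-seeded DGA stand-in (NOT Conficker's algorithm).

    Every host running the same logic on the same date derives the same
    list, which is the property a defender exploits: the list can be
    computed ahead of time and sinkholed before the malware asks for it.
    """
    names = []
    for i in range(count):
        seed = f"{day.isoformat()}:{i}".encode()
        digest = hashlib.sha256(seed).hexdigest()
        # 8 lowercase letters derived from the first 16 hex chars of the digest
        label = "".join(
            chr(ord("a") + int(digest[j:j + 2], 16) % 26) for j in range(0, 16, 2)
        )
        names.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return names


def blackhole_window(day, before=1, after=1):
    """Union of the generated domains for day-before .. day+after.

    The window covers clock skew and time-zone differences between the
    resolver and infected hosts, which is why D-1 and D+1 are included.
    """
    domains = set()
    for delta in range(-before, after + 1):
        domains.update(toy_dga(day + datetime.timedelta(days=delta)))
    return sorted(domains)


def dnsmasq_config(domains, sink=SINK_IP):
    """Render one dnsmasq 'address=/<name>/<ip>' line per domain.

    dnsmasq answers A queries for <name> and all its subdomains with <ip>
    instead of forwarding them upstream.
    """
    return "".join(f"address=/{d}/{sink}\n" for d in domains)


def is_blackholed(qname, domains):
    """Mirror the dnsmasq match: exact name or any subdomain of a listed name."""
    q = qname.rstrip(".").lower()
    for d in domains:
        if q == d or q.endswith("." + d):
            return True
    return False


if __name__ == "__main__":
    today = datetime.date(2009, 3, 20)  # the diary's date, used as D
    window = blackhole_window(today)
    print(f"# {len(window)} domains for {today} +/- 1 day")
    print(dnsmasq_config(window), end="")
```

Drop the generated lines into a file under `/etc/dnsmasq.d/` and reload; hosts pointed at that resolver get the sink address for every name in the window, and the script can be re-run from cron each day to roll the window forward.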

