|
Various sources report that some conficker infected systems are receiving updates now. The update may include a keylogger and other code to exfiltrate data. We will keep this diary updates as we hear more. The update is delivered using the P2P mechanism and not the (disfunct) web sites.
------ |
Johannes 4345 Posts ISC Handler Apr 9th 2009 |
| Thread locked Subscribe |
Apr 9th 2009 1 decade ago |
|
If the sucker is really using port 5114,
your own statistics do not show something special, regarding peaks. Maybe I would like to misinterprete the peaks. http://www.dshield.org/portgraph.html?_jpg_csimd=1&token=&start_month=1&start_day=1&start_year=2009&end_month=4&end_day=10&end_year=2009&port=5114&leftgraph=tcpratio&rightgraph=reports&range=Y&submit=Update |
Anonymous |
| Quote |
Apr 10th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
