The researchers at SRI International updated their Conficker paper today. This is by far one of the best analysis of the Conficker malware. More malware information is available at SRI's Malware Resource Center. Another good Conficker article was published in the New York Times today; you have to subscribe to read it but the subscription is free. Be sure to also read the NYT article about the Conficker Cabal, the group of experts working behind the scenes to bring the Conficker botnet under control. We've got more information on Conficker in a previous diary (be sure to follow the links back to the earlier diaries about Conficker.) Also, lots of information on how to protect yourself is in this diary. Marcus H. Sachs |
Marcus 301 Posts ISC Handler Mar 20th 2009 |
Thread locked Subscribe |
Mar 20th 2009 1 decade ago |
One thing I've been womdering about the Conflicker update mechanism: assuming you have control over your own DNS, would it be possible to simply use the domain name generation logic to blackhole all the domain for the current day (or, perhapse, for D-1, and D+1) ? Would that prevent the worm from propagating, at least on all machines that use your DNS servers ?
|
Anonymous |
Quote |
Mar 20th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!