Latest on Conficker

The researchers at SRI International updated their Conficker paper today.  This is by far one of the best analyses of the Conficker malware.  More malware information is available at SRI's Malware Resource Center.

Another good Conficker article was published in the New York Times today; you have to subscribe to read it but the subscription is free.  Be sure to also read the NYT article about the Conficker Cabal, the group of experts working behind the scenes to bring the Conficker botnet under control.

We've got more information on Conficker in a previous diary (be sure to follow the links back to the earlier diaries about Conficker).  Also, lots of information on how to protect yourself is in this diary.

Marcus H. Sachs
Director, SANS Internet Storm Center

One thing I've been wondering about the Conficker update mechanism: assuming you have control over your own DNS, would it be possible to simply use the domain name generation logic to blackhole all the domains for the current day (or, perhaps, for D-1 and D+1)? Would that prevent the worm from propagating, at least on all machines that use your DNS servers?
Anonymous
