
Conficker info


FromTheRafters

Feb 20, 2009, 4:23:50 PM

FromTheRafters

Mar 28, 2009, 9:20:19 PM

jayjwa

Apr 6, 2009, 10:46:06 PM

"FromTheRafters" <err...@nomail.afraid.org> writes:

> http://mtc.sri.com/Conficker/

Most interesting.

"First, it checks for the presence of a firewall. If a firewall exists,
the agent sends a UPNP message to open a local random high-order port
(i.e., it asks the firewall to open its backdoor port to the Internet).
Next, it opens the same high-order port on its local host: its binary
upload backdoor. This backdoor is used during propagation, to allow
newly infected victims to retrieve the Conficker binary. "

There's nothing quite like a "pants down!" command to the
firewall...

Except maybe replicating via the older-than-dirt Windows Naughty Port,
TCP/445.
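
Added example, not part of the thread or of the SRI report: a defender-side check for the behaviour quoted above, where a host asks the gateway over UPnP to expose a high-order port and then listens on that same port itself. It parses UPnP IGD `AddPortMapping` SOAP bodies (for instance from a gateway log or a capture) and flags requests from hosts that are not on an allowlist. The threshold `HIGH_PORT_MIN`, the allowlist, the function names and the sample requests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

HIGH_PORT_MIN = 1024  # assumption: "high-order" = above the well-known port range

def parse_add_port_mapping(soap_body):
    """Return the mapping a UPnP IGD AddPortMapping SOAP body asks for, or None."""
    if "<!DOCTYPE" in soap_body.upper():   # SOAP carries no DTD; refuse entity tricks
        return None
    try:
        root = ET.fromstring(soap_body)
    except ET.ParseError:
        return None
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] != "AddPortMapping":
            continue
        args = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}
        try:
            return {"client": args["NewInternalClient"],
                    "protocol": args["NewProtocol"].upper(),
                    "external_port": int(args["NewExternalPort"]),
                    "internal_port": int(args["NewInternalPort"])}
        except (KeyError, ValueError):     # missing or non-numeric argument
            return None
    return None

def suspicious_mappings(bodies, allowed_clients=frozenset()):
    """Flag requests exposing one high port both externally and on the requesting host."""
    hits = []
    for body in bodies:
        m = parse_add_port_mapping(body)
        if m and m["client"] not in allowed_clients \
                and m["external_port"] >= HIGH_PORT_MIN \
                and m["external_port"] == m["internal_port"]:
            hits.append(m)
    return hits

def _soap(client, ext, inner, proto):
    """Build a constructed sample request body (not captured traffic)."""
    return (f'<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            f'<s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f'<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>'
            f'<NewProtocol>{proto}</NewProtocol><NewInternalPort>{inner}</NewInternalPort>'
            f'<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>'
            f'<NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></s:Body></s:Envelope>')

SAMPLES = [_soap("192.168.1.23", 46213, 46213, "TCP"),   # same high port on both sides
           _soap("192.168.1.10", 80, 8080, "TCP"),        # ordinary web forward
           _soap("192.168.1.50", 51413, 51413, "udp"),    # host known to run a P2P client
           "<not xml"]                                     # malformed input is skipped

if __name__ == "__main__":
    for hit in suspicious_mappings(SAMPLES, allowed_clients={"192.168.1.50"}):
        print(hit)
```

Games and P2P clients request the same kind of mapping, so a hit is a triage lead to correlate with other indicators rather than a verdict.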

jayjwa

Apr 6, 2009, 11:39:13 PM

"FromTheRafters" <err...@nomail.afraid.org> writes:

> http://mtc.sri.com:80/Conficker/addendumC/index.html

Oh look:

http://mtc.sri.com/Conficker/contrib/Conficker_C_P2P_Scanner.C

author: Vinod Yegneswaran
compiled and tested on - Gnu gcc ver 4.2.2, running Linux, little
endian only


Maybe I could find a copy. Don't forget to rename the extension
correctly (.c), else gcc will think it's the wrong type of source file,
since .C means something special.

./Conficker_C_P2P_Scanner -v 64.179.12.2 64.179.12.254

There don't seem to be any on my subnet at the moment:

Number of suspected Conficker hosts found: 0


FromTheRafters

Apr 7, 2009, 6:57:56 AM

"jayjwa" <jay...@atr2.ath.cx.invalid> wrote in message
news:x78wmdf...@atr2.ath.cx...

Remote
Penetration
Call
|
Don't
Count
On
Mitigation


Message has been deleted

FromTheRafters

Apr 9, 2009, 9:25:57 AM

"chris" <generici...@hotmail.com> wrote in message
news:fccc22f0-9af3-4595...@f19g2000yqh.googlegroups.com...
> Interesting stuff.
> But... not really anything new, I don't think. Or at least, nothing
> revolutionary, just clever.

The cloudlike distribution of possible update repositories seems new to
me, but I have been away for some number of years.


FromTheRafters

Apr 9, 2009, 7:50:31 PM

http://www.cnn.com/2009/TECH/04/09/conficker.activated/index.html

"FromTheRafters" <err...@nomail.afraid.org> wrote in message
news:gnn718$iv6$1...@reader.motzarella.org...
> http://mtc.sri.com/Conficker/
>


FromTheRafters

Apr 9, 2009, 7:59:47 PM