A Foray into Conficker’s Logic and Rendezvous Points

From Botnets.fr

Botnet Conficker
Date 2009 / 2009-04-22
Editor/Conference LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Link https://www.usenix.org/legacy/events/leet09/tech/full_papers/porras/porras.pdf (Archive copy)
Type Conference paper or presentation

Abstract

We present an in-depth static analysis of the Conficker worm, primarily through the exploration of the client-side binary logic. In this paper, we summarize various aspects of the inner workings of binary variants A and B, which were the first in a chain of recent revisions aimed to keep this epidemic resistant to ongoing eradication attempts. These first two variants have combined to produce a multi-million node population of infected hosts, whose true main purpose has yet to be fully understood. We further validate aspects of our analysis through in-situ network analyses, and discuss some attribution links about its origins.

Bibtex

 @misc{empty2009BFR4567,
   editor = {LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more},
   author = {},
   title = {A Foray into Conficker’s Logic and Rendezvous Points},
   date = {22},
   month = Apr,
   year = {2009},
   howpublished = {\url{https://www.usenix.org/legacy/events/leet09/tech/full_papers/porras/porras.pdf}},
 }