A Foray into Conficker’s Logic and Rendezvous Points
A Foray into Conficker’s Logic and Rendezvous Points | |
---|---|
Botnet | Conficker |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2009 / 2009-04-22 |
Editor/Conference | LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more |
Link | https://www.usenix.org/legacy/events/leet09/tech/full_papers/porras/porras.pdf (Archive copy) |
Author | |
Type | Conference paper or presentation |
Abstract
“We present an in-depth static analysis of the Conficker worm, primarily through the exploration of the client-side binary logic. In this paper, we summarize various aspects of the inner workings of binary variants A and B, which were the first in a chain of recent revisions aimed to keep this epidemic resistant to ongoing eradication attempts. These first two variants have combined to produce a multi-million node population of infected hosts, whose true main purpose has yet to be fully understood. We further validate aspects of our analysis through in-situ network analyses, and discuss some attribution links about its origins.”
Bibtex
@misc{2009BFR4567,
  editor = {LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more},
  author = {},
  title = {A Foray into Conficker’s Logic and Rendezvous Points},
  date = {22},
  month = Apr,
  year = {2009},
  howpublished = {\url{https://www.usenix.org/legacy/events/leet09/tech/full_papers/porras/porras.pdf}},
}