A Foray into Conficker’s Logic and Rendezvous Points

From Botnets.fr

Botnet Conficker
Date 2009 / 2009-04-22
Editor/Conference LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Link https://www.usenix.org/legacy/events/leet09/tech/full_papers/porras/porras.pdf
Type Conference paper or presentation

Abstract

We present an in-depth static analysis of the Conficker worm, primarily through the exploration of the client-side binary logic. In this paper, we summarize various aspects of the inner workings of binary variants A and B, which were the first in a chain of recent revisions aimed to keep this epidemic resistant to ongoing eradication attempts. These first two variants have combined to produce a multi-million node population of infected hosts, whose true main purpose has yet to be fully understood. We further validate aspects of our analysis through in-situ network analyses, and discuss some attribution links about its origins.

Bibtex

 @misc{2009BFR4567,
   editor = {LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more},
   author = {},
   title = {A Foray into Conficker’s Logic and Rendezvous Points},
   date = {22},
   month = Apr,
   year = {2009},
   howpublished = {\url{https://www.usenix.org/legacy/events/leet09/tech/full_papers/porras/porras.pdf}},
 }