On the surface, April 1 came and went without a peep from the dreaded Conficker megaworm. But security experts see a frightening reality, one where Conficker is now more powerful and more dangerous than ever.
Daniel
Saturday, April 4, 2009 at 11:24 PM
Some minor corrections – Conficker.C does generate a list of 50,000 domains per day but it does not take them over. Each infected machine randomly selects 500 domains from the 50,000 generated, attempts to contact them and grab an update. Should none of those 500 work, it goes back to sleep and tries again the next day using a newly generated set of 50,000 domains.
People are focusing far too much on the HTTP part of Conficker.C – it's not actually needed to update. Conficker.C has quite a sophisticated peer-to-peer system built in with push and pull capabilities. An update could just as easily be pushed via this system.
For an in-depth technical overview I suggest you read the SRI analysis of Conficker.C.
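The 500-of-50,000 sampling described in the comment above determines how much of the daily list a sinkhole operator has to hold before a given infected machine is likely to show up. The following is an added example, not part of the comment or of any published analysis; it assumes uniform sampling without replacement and independent daily lists, and all function names are hypothetical.

```python
# Added example: sinkhole coverage against the daily domain list.
# TOTAL and SAMPLE are the figures from the comment; uniform sampling without
# replacement and independence between days are assumptions of this sketch.
TOTAL = 50_000   # domains generated per day
SAMPLE = 500     # domains each infected machine tries per day


def p_contact(held, total=TOTAL, sample=SAMPLE):
    """Probability that one host tries at least one of `held` sinkholed domains in a day."""
    if not 0 <= held <= total:
        raise ValueError("held must be between 0 and total")
    if held > total - sample:
        return 1.0  # not enough unheld domains left to fill a whole sample
    miss = 1.0
    for i in range(sample):  # hypergeometric chance that every pick is unheld
        miss *= (total - held - i) / (total - i)
    return 1.0 - miss


def p_contact_within(held, days, total=TOTAL, sample=SAMPLE):
    """Same probability over `days` consecutive days, `held` domains held each day."""
    if days < 0:
        raise ValueError("days must be non-negative")
    return 1.0 - (1.0 - p_contact(held, total, sample)) ** days


def min_held(target, total=TOTAL, sample=SAMPLE):
    """Smallest number of held domains whose daily contact probability is >= target."""
    if not 0 < target < 1:
        raise ValueError("target must be strictly between 0 and 1")
    lo, hi = 0, total  # p_contact never decreases as `held` grows
    while lo < hi:
        mid = (lo + hi) // 2
        if p_contact(mid, total, sample) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    for held in (1, 10, 100, 500):
        print(f"{held:>4} held: daily {p_contact(held):.4f}, "
              f"within 7 days {p_contact_within(held, 7):.4f}")
    print("held domains for a 50% daily chance:", min_held(0.5))
```

This covers only the HTTP rendezvous; the peer-to-peer channel the comment mentions is outside what domain sinkholing can observe.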