Wireshark Logs From Conficker
We captured some logs from Conficker which illustrate what it does.
The first screen shows the Conficker C variant and its well-documented update mechanism through DNS queries.
The second screen shows some interesting P2P traffic, using the TCP protocol and the Kazaa network.
The IP sending those packets is located in China, registered under the “CNC Group Chongqing Province Network”.
The latest Conficker variant shows how well the Conficker-infected nodes can communicate.
Jerome