
We captured some logs from Conficker which illustrate what it does.

The first screen shows the Conficker C variant and its well-documented update mechanism through DNS queries.

[Screenshot: dns]

The second screen shows some interesting P2P traffic, using the TCP protocol and the Kazaa network.

[Screenshot: tcp]

The IP sending those packets is located in China, registered under the “CNC Group Chongqing Province Network”.

The latest Conficker variant shows how well the Conficker-infected nodes can communicate.

Jerome
