April 1st coming up - conficker time
Ryan Rix
phrkonaleash at gmail.com
Tue Mar 31 08:39:00 MST 2009
Anyone still have their Y2K kits lying around?
On Mon, Mar 30, 2009 at 10:00 PM, Charles Jones <
charles.jones at ciscolearning.org> wrote:
> On April 1st the Conficker.C virus (probably the most virulent MSWin
> virus to date) is due to "activate". By activate I mean that thusfar it
> has been just spreading itself, but once the host time reaches April 1,
> it will begin attempting to contact 50,000 randomly generated domain
> names per day, looking for a host to download an update from. What this
> update will be, nobody knows. It could be anything from new improved
> code, to deleting the hard disk, to popping up a picture of a LOLcat and
> uninstalling itself.
>
> Why would linux folks care about a windows virus? Because if you have
> any infected windows machines on your network, this virus can cause
> excessive traffic as it tries to locate a payload update, not to mention
> the network scanning it does in attempts to infect other hosts.
>
> Here is some information on this nasty bugger:
>
> http://en.wikipedia.org/wiki/Conficker
>
> Here you can find a python script and also a version of nmap specially
> designed to located infected machines: http://www.doxpara.com/?p=1294
>
> Here is an excellent paper on Conficker:
> http://www.honeynet.org/papers/conficker/
> Direct link to the PDF: http://www.honeynet.org/files/KYE-Conficker.pdf
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss<http://lists.plug.phoenix.az.us/mailman/listinfo/plug-discuss>
>
--
Thanks and best regards,
Ryan Rix
TamsPalm - The PalmOS Blog
(623)-239-1103 <-- Grand Central, baby!
Jasmine Bowden - Class of 2009, Marc Rasmussen - Class of 2008, Erica
Sheffey - Class of 2009, Rest in peace.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20090331/3fea7a30/attachment.htm
More information about the PLUG-discuss
mailing list