Conficker update with payload
Various sources report that some conficker infected systems are receiving updates now. The update may include a keylogger and other code to exfiltrate data. We will keep this diary updates as we hear more. The update is delivered using the P2P mechanism and not the (disfunct) web sites.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute Follow me on Twitter
My next class:
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
×
Diary Archives
Comments
your own statistics do not show something special,
regarding peaks.
Maybe I would like to misinterprete the peaks.
http://www.dshield.org/portgraph.html?_jpg_csimd=1&token=&start_month=1&start_day=1&start_year=2009&end_month=4&end_day=10&end_year=2009&port=5114&leftgraph=tcpratio&rightgraph=reports&range=Y&submit=Update
Manuel
Apr 10th 2009
1 decade ago