SANS ISC: Addendum to SRI's Conficker C Analysis Published

SRI recently updated their Conficker C analysis with another addendum; this one covers Conficker C's P2P protocol and implementation. Here's the abstract of the new addendum:

This report presents a reverse engineering of the obfuscated binary code image of the Conficker C peer-to-peer (P2P) service, captured on 5 March 2009 (UTC). The P2P service implements the functions necessary to bootstrap an infected host into the Conficker P2P network through scan-based peer discovery, and allows peers to share and spawn new binary logic directly into the currently running Conficker C process. Conficker's P2P logic and implementation are dissected and presented in source code form. The report documents its thread architecture, presents the P2P message structure and exchange protocol, and describes the major functional elements of this module.

As always, this is a GREAT report from the Malware Threat Center at SRI. 

Marcus H. Sachs
Director, SANS Internet Storm Center
