Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Conficker update with payload SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Conficker update with payload

Various sources report that some conficker infected systems are receiving updates now. The update may include a keylogger and other code to exfiltrate data. We will keep this diary updates as we hear more. The update is delivered using the P2P mechanism and not the (disfunct) web sites.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute     Follow me on Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS Cloud Security Europe 2020

Johannes

3881 Posts
ISC Handler
Apr 9th 2009
If the sucker is really using port 5114,
your own statistics do not show something special,
regarding peaks.
Maybe I would like to misinterprete the peaks.
http://www.dshield.org/portgraph.html?_jpg_csimd=1&token=&start_month=1&start_day=1&start_year=2009&end_month=4&end_day=10&end_year=2009&port=5114&leftgraph=tcpratio&rightgraph=reports&range=Y&submit=Update

Anonymous

Sign Up for Free or Log In to start participating in the conversation!