-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Mar 29, 2009 at 5:16 PM, Richard Golodner <rgolodner@infratection.com> wrote:
Joe said earlier today:
Thanks, the only thing is that these, like most, websites are very vague about the mechanics behind the infiltration
Joe, the SRI report would be right up your alley as it is the most technical in its analysis of the variants A and B as well as an explanation of the algorithm it uses to determine domain names for future use of some kind.
Something folks might be interested in -- a way to detect Conficker-infected hosts in your network: https://www.honeynet.org/node/389 FYI, - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFJ0QDjq1pz9mNUZTMRAm7SAJ9MZo33Vok1uvyB4H7DML1gUKRlPQCggWtC bL4g6kI0sc75IDu/fYzv8yI= =HpOH -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/