Conficker.C and DNS

We have been working to track Conficker's DNS queries in order to identify machines and networks infected with Conficker.C. Tracking 50K DNS names and 500+ queries from each Conficker instance is a bit troublesome when you have to record all the DNS queries (200M records/day) and compare them with the 50K/day Conficker.C domain names. :) The main idea of […]

Conficker: The other not so famous Variant A

There is a lot more discussion going on about Conficker variant C (ConfickerC) because of 1st April. Why 1st April? It is the day ConfickerC should call home for updates. The domain name generator algorithm used by ConfickerC makes blocking or detecting live ConfickerC update servers harder when it will […]