Unixronin

Wednesday, April 1st, 2009 12:18 pm

A brief capsule summary: Conficker update traffic has been detected on various networks; it has now switched into a more active update mode in which, instead of checking 250 domains for updated code, it uses a set of 50,000 domains from which it tries a randomly selected 500 per day. So far, it does not appear that the Conficker creators have put up any update for Conficker to retrieve. There is still no clue as to what the update will do when delivered, and no indication yet of any active use of the botnet.

Meanwhile, IBM has cracked the worm's P2P communication and developed a way for ISPs to detect infected customer machines by listening in on their P2P traffic.

Wednesday, April 1st, 2009 10:05 pm (UTC)
ISS, acting like a bunch of lying cunts. Business as usual.

Different owners, same bullshit.
Wednesday, April 1st, 2009 11:22 pm (UTC)
Oh? They haven't cracked it? Or they're taking credit for someone else's work?
Wednesday, April 1st, 2009 11:50 pm (UTC)
ISS are a bunch of script kiddie shitbags.. I want third party verification that the shit works..

I'm working on my own detection of the P2P traffic, and so far I haven't seen any need to 'crack' it.

Half the stories pushed from IBM imply they've got access to the P2P messages (bullshit), not just that they can reasonably detect it (I can do that now, just from the information already available).
Wednesday, April 1st, 2009 11:53 pm (UTC)
Let's just say that their behaviour over the whole nondisclosure thing here, and the furious amount of weasel-words in it, make me believe that this is just more of ISS's standard "we are l33t3r th4n y0u" shit.

Kaminsky's work, implying there may be a sploit against Conficker itself, was far more dangerous a public release than this ISS 'discovery'.

Still, if they publish complete technical details, I'll be prepared to eat my words.
Thursday, April 2nd, 2009 04:48 am (UTC)
At one point, we were talking about having IBM do some work for the company I was working for. The sales and technical folk they sent out to gather specs never did understand the problem, let alone how we needed it fixed. We sent them packing. They seem to always be losing their best people.
Thursday, April 2nd, 2009 12:38 pm (UTC)
That bodes ill for Sun...
Thursday, April 2nd, 2009 01:54 pm (UTC)
Yeah, they've "cracked the code" in terms of a reliable way to detect it. Well, that's nothing; my version of that almost works too, and I'll be happy to share that with anyone once it does (I'm just using the already available information, though, to create my own implementation of looking for it).

All their press releases, however, seem to try and imply they've "cracked it and now have access to the content of all Conficker's P2P traffic", which I call bullshit on.