A brief capsule summary: Conficker update traffic has been detected on various networks; it’s now switched into a more active update mode in which, instead of checking 250 domains for updated code, it is using a set of 50,000 domains of which it tries a randomly selected 500 per day. So far, it does not appear that the Conficker creators have put up any update for Conficker to retrieve. There’s still no clue as to what the update will do when delivered, and no indication yet of any active use of the botnet.
Meanwhile, IBM has cracked the worm’s P2P communication and developed a way for ISPs to detect infected customer machines by listening in on their P2P traffic.