A brief capsule summary: Conficker update traffic has been detected on various networks; it’s now switched into a more active update mode in which, instead of checking 250 domains for updated code, it is using a set of 50,000 domains of which it tries a randomly selected 500 per day. So far, it does not appear that the Conficker creators have put up any update for Conficker to retrieve. There’s still no clue as to what the update will do when delivered, and no indication yet of any active use of the botnet.
Meanwhile, IBM has cracked the worm’s P2P communication and developed a way for ISPs to detect infected customer machines by listening in on their P2P traffic.
no subject
All their press releases however seem to try and implicate they've "Cracked it and now have access to the content of all Conficker's P2P traffic", which I call bullshit on.