The Conficker Codex - A Comprehensive Guide to the Threat's Mechanics 

Mar 31, 2009 01:55 PM

This 37-page whitepaper is among the most comprehensive guides to the Conficker virus available. Topics include:
Infection Stats
Propagation Schemes
Peer-to-peer payload distributions
A lock with no key
Advanced crypto protection
Propagation by AutoPlay
among many others.

Let us know what you think. 

Attachment(s)
the_downadup_codex_ed1.pdf (PDF, 5.16 MB, 1 version), uploaded Feb 25, 2020

Comments

Aug 12, 2010 10:02 AM

Great review to get deeper into the threat... thanks for this. Nice work!

May 28, 2009 06:35 AM

As per my knowledge, it is version C.

May 22, 2009 12:43 AM

Hi team, just lost count... what is the latest W32.Downadup version out in the open?

May 21, 2009 07:19 AM

Yes, you are right, buddy; they need to make the document up to date.

But, by the way, the document is crafted so beautifully that it provides the granular details.

May 21, 2009 07:17 AM

Sometimes, even after a restart, the virus is not able to get off the system; in such a case, what we need to do is delete the virus files as mentioned in the Symantec threat alert and then restart.

In my case I tried that solution and the rest of the care was taken by Symantec.

May 04, 2009 12:00 AM

I am sure more solutions would have come to remove Conficker. Seeking some ways, as sometimes the virus does not get removed and forces us into reinstallation.

May 01, 2009 06:20 PM

Hi nel, yes, it also has for Unix and Windows.

Apr 30, 2009 12:40 AM

I just read the article and will recommend this to my peers.

@Paul Mapacpac: Is NTOP also good for Unix?
Thanks.

Apr 29, 2009 06:07 PM

For those that have access to Symantec Deepsight, https://tms.symantec.com, there are additional whitepapers that go into some real granular details. This doc was pretty comprehensive too! 

Apr 28, 2009 05:52 AM

This is an excellent must-read for all the security admins out there.

Apr 14, 2009 05:33 PM

The one we were using before to monitor traffic is NTOP.

http://en.wikipedia.org/wiki/Ntop

You could also use free personal firewall software/NTP of SEP to monitor attacks.

Apr 14, 2009 12:18 AM

Wouldn't Wireshark or Zenmap be able to trace the traffic through the network? Checking on access points inside and outside the firewall: one to check the network traffic and the other to check the open ports.

Apr 13, 2009 04:32 AM

Click on the link below. It will scan your firewall.
Too bad this is in Dutch, but I will help.
If anything appears in red, then it is vulnerable.
Especially MSFT-DS should be green.
That is port 445.
This port should only be open for internal connections and definitely not for external usage.

If it appears in red, you had better reconfigure your router to block it.
http://spert.net/security/scan.php

Apr 13, 2009 03:34 AM

Just curious.

Did the report miss a version, or do they just not like the letter D?
It just went from W32.Downadup.C to W32.Downadup.E.
I also checked the virus dictionary and there is no D.

Apr 13, 2009 12:28 AM

W32.Downadup.E is the latest variant of the W32.Downadup family.

Hence the document needs to be updated as new variants release, or else it's not worth reading such documents. ;-(

Rgds,
SAM

Apr 12, 2009 11:58 PM

This is one of the reasons why Symantec Connect is very useful. A single document clears all questions about the most intelligent threat of the internet so far.

Must read for anyone who is concerned with security.

Tejas

Apr 01, 2009 04:24 AM

Hate the yellow pages though!!
By all means have the Symantec logo, but such large fields of yellow are not kind to the eyes.

Mar 31, 2009 06:35 PM

We'll keep this document updated as changes occur to version "C" and beyond of the virus. If you've got a question about how this virus works or propagates, etc., chances are you'll find your answer here.
