Posts Tagged Conficker
DDoS Attack Target Swedish Police Network
Posted by Mourad Ben Lakhoua in Cybercrime, Web Security on November 2, 2009
According to thelocal news Swedish police website was subject for a DDoS attack last week. The result of this attack was a complete disrupt of the official website.
On the High traffic the server can treat about 800 requests per second but during the attack they detected about 400 thousand requests per second which is 5 times more than the normal high traffic.
The number of DDoS-attack has significantly increased to become one of the biggest threats on Internet, by looking at the history the beginning of DDoS attacks were mainly directed to disrupting IRC servers, but on 1997 there were a vulnerability on Microsoft windows TCP/IP that allowed hackers to send a lot of packets using several tools and dosing remote systems, another popular incident were on 2000 by turning down web service for many popular websites like YAHOO ,CNN, eBay and others, October 2002 Root DNS servers experienced a DDoS attack to make 7 of the 13 main servers out of service. And now we are seeing a lot of distributed denial of service (DDoS) attacks against social networking website like Twitter and Facebook…
Stopping DDoS attack depends on the whole internet community by protecting your machine from malware that could be used to run these attacks, the most popular Botnet’s are:
Conficker 10 million + Machine.
Kraken – 495 Thousand Machine.
Srizbi – 315 Thousands Machine.
Bobax – 185 Thousands Machine.
Rustock – 150 Thousands Machine.
Storm – 85 Tousands Machine.
make sure you subscribe to my RSS feed!
Conficker wakes up, updates via P2P, drops payload
Posted by Mourad Ben Lakhoua in News, Vulnerabilities & attacks on April 9, 2009
The Conficker worm is finally doing something–updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.
Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.
The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.
The worm also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog.
Because infected computers are receiving the new component in a staggered manner rather than all at once there should be no disruption to the Web sites the computers visit, said Paul Ferguson, advanced threats researcher for Trend Micro.
[Source: CNET]
Honeynet Project Discovered a hole in Conficker
Posted by Mourad Ben Lakhoua in News on March 31, 2009
Researchers at The Honeynet Project has discovered a vulnerability in the Conficker that makes it easy to detect,The Conficker adds changes in Windows that can be detected remotely by using a various scanning methods which is already integrated into different popular scanning tools.
Members of the Honeynet Project founded that conficker infected host’s respond with error code for some specially crafted RPC messages, now you can find the detection methods that can be used to contain Conficker’s impact in the update and modified version of the scanners (Nessus, ncircle, Qualys and Nmap).
“Know your enemy and know yourself and you can fight a hundred battles without disaster” (Sun Tzu) .So go a head and check your networks against Conficker.
Conficker.C Overview
Posted by Mourad Ben Lakhoua in News on March 26, 2009
Researchers at SRI International updated their Conficker paper. They have provided a very useful analysis of the Conficker malware.
The last variant of Conficker, referred to as Conficker C leaves as little as 15% of the original B code base untouched the main purpose of the Conficker is to provide the authors with a secure binary updating service that effectively allows them instant control of millions of PCs worldwide.
Through the use of these binary encryption methods, Conficker’s authors have taken care to ensure that other groups cannot upload arbitrary binaries to their infected drone population, and these protections cover all Conficker updating services: Internet rendezvous point downloads, buffer overflow re-exploitation, and the latest P2P control protocol.
Conficker authors have devised a sophisticated encryption protocol that is generally robust to direct attack. All three crypto-systems employed by Conficker’s authors (RC4, RSA, and MD-6) also have one underlying commonality and the discovery of MD-6 in Conficker B is indeed highly unusual given Conficker’s own development time line.
Source: [SRI International]
SUBSCRIBE
