|
Tuesday, 24 February 2009 06:02 |
The conclusion of my previous blog posed an interesting question to readers: "...seeing as the list of the future domains was publicly disclosed on the Web, why hadn't any other cyber criminals taken advantage of the predictions?" Antivirus companies and many independent security researchers were able to crack the domain prediction algorithm used by the worm, so it is reasonable to believe that other people were able to achieve the same result, but with different intentions. Source : https://forums.symantec.com/t5/Malicious-Code/Downadup-Advanced-Crypto-Protection/ba-p/391311 |
|
Tuesday, 24 February 2009 01:28 |
Over the last few days many reports have emerged concerning a new variant of Downadup (a.k.a. Conficker), which has been dubbed Downadup.B++ or Conficker.C. While one could categorize Downadup into three variants (or even more), Symantec products will detect all known variants of Downadup as either Downadup.A or Downadup.B. Source : https://forums.symantec.com/t5/Malicious-Code/A-New-Downadup-Variant/ba-p/391186 |
|
Thursday, 19 February 2009 19:06 |
Back in 2008, the infamous MBR rootkit (a.k.a. Mebroot or Sinowal) proved to be one of the most complicated pieces of malicious code ever seen. Clearly written by professional developers, the Mebroot rootkit has pushed stealth technologies to an extreme level in order to support a bigger criminal project. Source : https://forums.symantec.com/t5/Malicious-Code/MBR-Rootkit-paper-from-VB2008/ba-p/390109 |
|
Thursday, 19 February 2009 03:22 |
While Downadup's RPC exploit method of spreading has been highlighted in several recently posted blog articles, the worm spreads via other methods as well. One of the potentially more noticeable methods is through network shares, especially in enterprise environments. Source : https://forums.symantec.com/t5/Malicious-Code/Downadup-Locking-Itself-Out/ba-p/389837 |