Friday, October 23, 2009

Yo Conficker!

It so happens that I am finally doing my favorite crypto and security stuff. I ended up investigating the Conficker (aka Kido or Downadup) worm, which is successfully nearing its second birthday. It has undergone several revisions (I guess the latest is G). I should say this is one worm that has impressed me with its use of the latest crypto techniques (it uses MD6!), extreme code obfuscations and what not. I'm sure there is an extraordinarily brilliant geek group behind this.

It is still not clear what it has set out to do. For now, it just occupies unpatched Windows machines and keeps multiplying. I'm not aware of any kind of malicious behavior from this worm so far. But since it uses a P2P technique to spread itself, it is an interesting area of research to try and curb this worm before it starts its nasty attacks.

I find new information every day about this revolutionary worm. It shows how intelligently one can devise malware. Let's see if I get something interesting on this worm in the next few months!

Until we meet again,
-Srini-