Conficker Question


7 replies to this topic

#1 pntblltrc4


Posted 03 December 2010 - 12:09 AM

I am working on a research project, and the evil Conficker is the course of my study. Anyways, I am attempting to find a list of all the infection names that Conficker populates. After doing some intensive Googling, the only thing I found is random file names. I find it hard to believe there is no documentation of all the Conficker file names. Is there anyone that can help me with my dilemma? I would greatly appreciate it.

Thanks a lot, everyone

Aaron

Edited by hamluis, 03 December 2010 - 08:01 AM.
Moved from XP forum to General Chat ~ Hamluis.

Isaiah 54:17
No weapon that is formed against thee shall prosper; and every tongue [that] shall rise against thee in judgment thou shalt condemn. This [is] the heritage of the servants of the LORD, and their righteousness [is] of me, saith the LORD.


#2 dc3


Posted 03 December 2010 - 01:03 AM

Does "research project" translate to "homework assignment"? :whistle:

I just did a quick Google and immediately found three names for this worm.

Conficker, also known as Downup, Downadup and Kido...

Edited by dc3, 03 December 2010 - 01:08 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 pntblltrc4


Posted 03 December 2010 - 07:59 AM

I like the term research... it feels so much less frustrating than homework lol. Anywho, thanks for the quick response. What I am looking for is the actual infected file names, like axcb.dll. The names you sent were the antivirus companies' generic naming for them.
Thanks for trying though

#4 chromebuster


Posted 03 December 2010 - 01:50 PM

I'm just curious, is this research assignment spawned by your major or scholarly endeavors? Are you a computer science major?

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#5 ThunderZ


Posted 03 December 2010 - 02:26 PM

As Dc3 stated.

Other than the names he mentioned, perhaps a few others given to it by various AV\AS\AM companies. There are no set names for it or created by it. "Random" is the best you are going to find.

Most newer viruses now use this exact random naming scheme. Makes it harder to find the original source\type of infection. Except perhaps to the very trained eye that knows exactly what to look for and where to look for it.

#6 Romeo29


Posted 03 December 2010 - 08:18 PM

Conficker creates a randomly named file in the %windir%\System32 folder. For example, C:\Windows\System32\zxtyf.dll.
The name is randomly chosen, so you cannot search Google for anything like that.

EDIT:
Okay, I read your post and saw that you already know about the random names. So what are you asking about?
Conficker does not even choose a fixed number of characters or extension in the file name. The name can be foo.dll or pefgcp.x. So there is a huge number of possible file names.

Edited by Romeo29, 03 December 2010 - 08:23 PM.


#7 boopme


Posted 03 December 2010 - 09:25 PM

http://www.mcafee.com/us/threat_center/conficker.html

http://vil.nai.com/vil/content/v_153464.htm

http://download.nai.com/products/mcafee-avert/documents/combating_w32_conficker_worm.pdf

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#8 pntblltrc4


Posted 03 December 2010 - 10:59 PM

No collegial studying done here. I work on virus mitigation for work and am just attempting to expand my knowledge of how these evil suckers work. I just found it interesting that it's coded to have a random file name and not just a long bank that it pulls from.

Thanks, everyone, for your quick responses.

Aaron



