Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering
Proceedings of the 16th ACM conference on Computer and communications security
Your botnet is my botnet: analysis of a botnet takeover
Proceedings of the 16th ACM conference on Computer and communications security
Scalable P2P Overlays of Very Small Constant Degree: An Emerging Security Threat
SSS '09 Proceedings of the 11th International Symposium on Stabilization, Safety, and Security of Distributed Systems
Extending black domain name list by using co-occurrence relation between DNS queries
LEET'10 Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Conficker and beyond: a large-scale empirical study
Proceedings of the 26th Annual Computer Security Applications Conference
BotGrep: finding P2P bots with structured graph analysis
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Andbot: towards advanced mobile botnets
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Scalable Stealth Mode P2P Overlays of Very Small Constant Degree
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
JACKSTRAWS: picking command and control connections from bot traffic
SEC'11 Proceedings of the 20th USENIX conference on Security
Stegobot: a covert social network botnet
IH'11 Proceedings of the 13th international conference on Information hiding
Identifying botnets by capturing group activities in DNS traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
Towards detection of botnet communication through social media by monitoring user activity
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
iNetSec'11 Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security
Tracking DDoS attacks: insights into the business of disrupting the web
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Fluxing botnet command and control channels with URL shortening services
Computer Communications
System-Level support for intrusion recovery
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Survey and taxonomy of botnet research through life-cycle
ACM Computing Surveys (CSUR)
Leveraging honest users: stealth command-and-control of botnets
WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies
| Hi-index | 0.00 |
We present an in depth static analysis of the Conficker worm, primarily through the exploration of the client-side binary logic. In this paper, we summarize various aspects of the inner workings of binary variants A and B, which were the first in a chain of recent revisions aimed to keep this epidemic resistant to ongoing eradication attempts. These first two variants have combined to produce a multi-million node population of infected hosts, whose true main purpose has yet to be fully understood. We further validate aspects of our analysis through in-situ network analyses, and discuss some attribution links about its origins.