Skip navigation.

Analysis of Conficker C

Phillip Porras, Hassen Saidi, and Vinod Yegneswaran from SRI has publicly posted an excellent overview of the Conficker malware. They even have a great analysis of the C variant as well. I highly recommend reading this excellent work.

"Conficker is one of a new interesting breed of self-updating worms that has drawn much attention recently from those who track malware. In fact, if you have been operating Internet honeynets recently, Conficker has been one very difficult malware to avoid. In the last few months this worm has relentlessly pushed all other infection agents out of the way, as it has infiltrated nearly every Windows 2K and XP honeypot that we have placed out on the Internet. From late November through December 2008 we recorded more than 13,000 Conficker infections within our honeynet, and surveyed more than 1.5 million infected IP addresses from 206 countries."

Conficker a,b, and C

That was a very comprehensive and details report. I highly recommend it as a thorough read in the full understanding of the Logic and pre-programming thats gone into this potential phenomenon.


Highly recommended read

Excellent analysis from the guys at SRI. Thanks for pointing me to it.

Excellent report

A very interesting read and quite comprehensive.

Learning to analyze of malware.

Reading that just inspires me more!

I am learning to analyze malware. so far i have vmware, ida pro, olly, sysinternals suite, backtrack, bintext, regshot, and netcat

I know that some malware acts up in virtual environment and that some malware has anti-debugging features.

My question is what are some other resources i can read/watch to learn more about how to properly setup a lab to further my knowledge in this area of analyzing malware.

Thank you!


conficker.e dissecting

Hi guys,
I have start to dissecting conficker.e. If you are interested some screen shots are shown on my blog: hxxp//

Feedback are well come