[nsp-sec] New conficker version?
SURFcert - Peter
p.g.m.peters at utwente.nl
Mon Feb 2 11:20:07 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Conficker is known to try a list of hard coded accounts and passwords to
access network drives. At the moment we seem to have found a new
version. This one accesses Active Directory for a list of accounts and
then uses these to try to access network drives. By brute forcing these
accounts users start to complain because their accounts get locked out.
That was the trigger that set us on a search for the infected system.
I am promised to get the binary some time tomorrow.
- --
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl http://cert.surfnet.nl/
office-hours: +31 302 305 305 emergency (24/7): +31 622 923 564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJhx03elLo80lrIdIRAriVAJwNeano75NdOa/dJn2tiy3TbmUyVQCcDJEj
GUgUleFR3INPvMiIfollPLQ=
=1aR1
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list