[nsp-sec] Fwd: Conficker Remediation Effort (try this again)
Smith, Donald
Donald.Smith at qwest.com
Sun Mar 29 13:28:37 EDT 2009
The lookups won't fail; they SHOULD be directed to one of a set of sinkholes for the most part.
Donald.Smith at qwest.com
Please cc the handlers to keep them all in the loop.
________________________________
From: nsp-security-bounces at puck.nether.net [nsp-security-bounces at puck.nether.net] On Behalf Of Russell Fulton [r.fulton at auckland.ac.nz]
Sent: Sunday, March 29, 2009 10:58 AM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] Fwd: Conficker Remediation Effort (try this again)
----------- nsp-security Confidential --------
Begin forwarded message:
>
> 4/1 should be a MAJOR non-event :) Let's make it Conficker clean up
> day instead but without the hype.
>
Agreed.
One thought I had is that the 4/1 change should make it easier to spot
Conficker infections based on DNS traffic. Presumably they will need
to do a lot of lookups that fail. Has anyone looked at this? We
have a CS MSc student looking at DNS responses so I thought I might
throw this one his way.
Russell
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________