Just another Information of Virus
Visualizations can often show researchers details that would otherwise take hours of staring at raw data to find. WORM_DOWNAD.KK has plenty to show us if we look in the right places. This post focuses on the various P2P channels.
The first set of graphs maps each IP address (source and destination) found in the source pcap file onto a grid. Each IP address is first split into its 4 octets (A.B.C.D). The octets are plotted as points on each of the four vertical lines. Working from left to right, each line corresponds to one octet (A.B.C.D), with zero at the top and 255 at the bottom. The points are then connected with a line. The color of the line indicates the value range of the starting octet: green for 0-64, blue for 65-128, pink for 129-192 and yellow for 193-255. Each graph shows a 1-hour snapshot of data.
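The mapping described above can be reproduced with a short script. This is an added example, not code from the original post: the canvas size, function names, output file name and sample addresses are assumptions, and extracting the addresses from the pcap is left out.

```python
import ipaddress

WIDTH, HEIGHT, MARGIN = 400, 300, 20          # assumed canvas size in pixels
STEP = (WIDTH - 2 * MARGIN) / 3               # spacing between the 4 octet axes
SCALE = (HEIGHT - 2 * MARGIN) / 255           # 0 at the top, 255 at the bottom
# Colour bands for the starting octet, as listed in the post.
BANDS = [(64, "green"), (128, "blue"), (192, "pink"), (255, "yellow")]

def colour_for(first_octet):
    """Return the line colour for the value range of the starting octet."""
    for upper, colour in BANDS:
        if 0 <= first_octet <= upper:
            return colour
    raise ValueError(f"not an octet: {first_octet}")

def points_for(ip):
    """Map an IPv4 address to four (x, y) points, one per octet axis."""
    octets = ipaddress.IPv4Address(ip).packed  # validates; raises on bad input
    return [(MARGIN + i * STEP, MARGIN + o * SCALE) for i, o in enumerate(octets)]

def render_svg(ips):
    """Draw one polyline per distinct address over the four vertical axes."""
    parts = [f'<svg xmlns="http://www.w3.org/2000/svg" '
             f'width="{WIDTH}" height="{HEIGHT}">']
    for i in range(4):
        x = MARGIN + i * STEP
        parts.append(f'<line x1="{x:.1f}" y1="{MARGIN}" x2="{x:.1f}" '
                     f'y2="{HEIGHT - MARGIN}" stroke="gray"/>')
    # Duplicates are collapsed: the same endpoint always draws the same line.
    for ip in sorted(set(ips), key=ipaddress.IPv4Address):
        pts = " ".join(f"{x:.1f},{y:.1f}" for x, y in points_for(ip))
        colour = colour_for(ipaddress.IPv4Address(ip).packed[0])
        parts.append(f'<polyline points="{pts}" fill="none" stroke="{colour}"/>')
    parts.append("</svg>")
    return "\n".join(parts)

# Constructed sample addresses standing in for one hour of pcap endpoints.
SAMPLE = ["10.0.0.5", "100.64.1.20", "172.16.30.4", "198.51.100.7", "10.0.0.5"]

if __name__ == "__main__":
    with open("p2p_hour.svg", "w") as fh:
        fh.write(render_svg(SAMPLE))
```

Rendering one file per hour of traffic gives the same series of snapshots the post describes; addresses that share leading octets show up as lines that overlap on the left axes and fan out on the right.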