
The folks over at SRI have published some interesting additional information on Conficker.C. Worth reading. Link here.

In this addendum report, we summarize the inner workings and practical implications of this latest malicious software application produced by the Conficker developers. In addition to the dual layers of packing and encryption used to protect A and B from reverse engineering, this latest variant also cloaks its newest code segments, along with its latest functionality, under a significant layer of code obfuscation to further hinder binary analysis. Nevertheless, with a careful mixture of static and dynamic analysis, we attempt here to summarize the internal logic of Conficker C.

Alex Eckelberry