Adam Pilbeam

CyberPatriot Advanced Topics: A Look At Conficker



Presentation Transcript



Adam Pilbeam

Network Engineer

[email protected]

Everis Inc

http://www.EverisInc.com

(315)-370-1535

CyberPatriot Advanced Topics:

A Look At Conficker



Agenda

  • Background

  • Timeline

  • Viral Damage

  • Propagation

  • Defense


Background:

  • What is Conficker?

    • Computer virus (worm)

    • Affects Microsoft Windows operating systems

    • Propagates either through direct attack or via P2P

    • Capable of blocking/disabling some antivirus

Everis Internal Presentation



Timeline

  • Conficker Timeline

    • Nov. 21, 2008

      • Conficker.A released – propagates using OS exploits

    • Dec. 29, 2008

      • Conficker.B – propagates via OS exploits and password and fileshare exploits.


Timeline Continued

  • Feb. 20, 2009

    • Conficker.C Released

  • Mar. 4, 2009

    • Conficker.D Released

  • Apr. 8, 2009

    • Conficker.E Released


Viral Damage

  • Infected System Impact

    • Conficker attempts to infect other systems

      • Uses MS Windows exploits (patched in 2008)

    • Contacts websites using algorithm-generated domain names for updates

    • Disables security-related software


Propagation

  • Early versions of Conficker (A,B) propagated by attacks utilizing operating system exploits.

  • Later versions could reach out to upgrade systems with the earlier version, but would not seek to infect clean systems.


Defensive

  • Pre-empt unregistered domains used for Conficker propagation

  • Redirect “evil” domains to controlled network honeypots to study Conficker operations.

  • Update security software / operating system to combat exploits and remove worm from systems.
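
The slides note that infected systems contact algorithm-generated domain names and that defenders pre-empt those domains. The sketch below is an added example, not part of the original presentation: it shows why a date-seeded list can be computed in advance and matched against resolver logs to find infected clients. The generator is a toy stand-in (not Conficker's actual algorithm), and the log format, TLD list and function names are assumptions made for illustration.

```python
import hashlib
from datetime import date, timedelta
from functools import lru_cache

TLDS = ("com", "net", "org", "info", "biz")  # constructed for this example

@lru_cache(maxsize=None)
def candidate_domains(day, count=20):
    """Toy date-seeded generator; NOT Conficker's actual algorithm."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4
        label = "".join(chr(97 + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return tuple(names)

def watchlist(day, skew_days=1):
    """Names to pre-register or sinkhole for `day`, plus neighbours for clock skew."""
    days = (day + timedelta(d) for d in range(-skew_days, skew_days + 1))
    return {name for d in days for name in candidate_domains(d)}

def flag_clients(log_lines):
    """Map client IP -> sorted watchlisted names it looked up."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        try:
            day = date.fromisoformat(parts[0])
        except ValueError:
            continue  # first field is not a date
        qname = parts[2].rstrip(".").lower()  # normalise case and trailing dot
        if qname in watchlist(day):
            hits.setdefault(parts[1], set()).add(qname)
    return {client: sorted(names) for client, names in hits.items()}

# Constructed sample resolver log: "<date> <client> <qname> <qtype>"
DAY = date(2009, 4, 1)
TODAY = candidate_domains(DAY)
SAMPLE_LOG = [
    "2009-04-01 10.0.0.12 www.example.com. A",
    f"2009-04-01 10.0.0.37 {TODAY[3].upper()}. A",
    f"2009-04-02 10.0.0.37 {TODAY[7]} A",   # client clock one day behind
    f"2009-04-09 10.0.0.50 {TODAY[3]} A",   # stale name, outside the window
    "truncated line",
]

if __name__ == "__main__":
    for client, names in flag_clients(SAMPLE_LOG).items():
        print(client, names)
```

Because the list depends only on the date, the same watchlist can feed both the pre-registration or sinkhole step and the log review that locates hosts needing cleanup.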


Thanks

  • Thanks to:

    • Central NY ISSA for providing time to the CyberPatriot documentation project

      • www.issa.org

    • Everis Inc. for hosting, technical support, experienced staff and more

      • www.everisinc.com

    • Griffiss Institute for providing space and support

      • http://www.griffissinstitute.org/

    • Rome AFRL for their support of STEM

      • http://www.wpafb.af.mil/afrl/ri/
