

Overview of Conficker Variant C, the post-April 1st Virus - tdonia
http://mtc.sri.com/Conficker/addendumC/index.html

======
wallflower
I wonder if they should be looking at the problem from the domain registrar
software side - who is registering nonsensical domains (that can be
conficker'd up).

Also, based on the list of 23 auto-killed processes, an easy way to see if a
machine is conficker'd is to see if filemon or wireshark fail to execute.

------
tdonia
[http://mtc.sri.com/Conficker/addendumC/index.html#domain-gen...](http://mtc.sri.com/Conficker/addendumC/index.html#domain-generation-algorithm)

After looking at this, I can't help but be curious as to what
DGA_random_function() & conficker_D_PRNG_function() actually do. If they're
not truly random then it seems like there'd be a way to determine which
domains would get hit first. How random can the average Windows PC get?
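
Added example, not part of the thread and not Conficker's algorithm: if a generator is seeded only from the calendar date (an assumption here), every machine derives the same list, so a defender can precompute the day's candidates and match them against DNS logs. `candidate_domains` is a constructed LCG stand-in, and the TLD list, date, and log lines are constructed sample data.

```python
import datetime

# Constructed stand-in generator: a 32-bit LCG seeded only from the date.
# It is NOT Conficker's DGA; it only shares the property under discussion
# (no per-machine entropy), which is the assumption of this example.
TLDS = ["com", "net", "org", "info", "biz"]  # constructed list

def _lcg(state):
    return (state * 1664525 + 1013904223) & 0xFFFFFFFF

def candidate_domains(day, count=50):
    """Return the full candidate list any host would derive for `day`."""
    state = day.toordinal()
    out = []
    for _ in range(count):
        state = _lcg(state)
        length = 5 + (state >> 16) % 6          # label of 5..10 letters
        label = []
        for _ in range(length):
            state = _lcg(state)
            label.append(chr(ord("a") + (state >> 16) % 26))
        state = _lcg(state)
        out.append("".join(label) + "." + TLDS[(state >> 16) % len(TLDS)])
    return out

def flag_hosts(dns_log, day):
    """Map client IP -> sorted candidate domains it queried on `day`."""
    candidates = set(candidate_domains(day))
    hits = {}
    for line in dns_log:
        date_str, client, qname = line.split()
        name = qname.lower().rstrip(".")         # normalise case and root dot
        if date_str == day.isoformat() and name in candidates:
            hits.setdefault(client, set()).add(name)
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    day = datetime.date(2009, 4, 1)              # constructed sample date
    todays = candidate_domains(day)
    # Constructed DNS log lines: "<date> <client-ip> <qname>"
    log = [
        f"2009-04-01 10.0.0.5 {todays[3]}",
        f"2009-04-01 10.0.0.5 {todays[17].upper()}.",
        "2009-04-01 10.0.0.9 example.com",
        f"2009-03-31 10.0.0.7 {todays[3]}",
    ]
    print(flag_hosts(log, day))
```

A generator that mixed in per-machine entropy would defeat this precomputation, but it would also stop the operator from knowing which domains to register.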

