{"id":275,"date":"2009-03-31T21:12:31","date_gmt":"2009-04-01T02:12:31","guid":{"rendered":"https:\/\/dillernet.com\/apple\/?p=275"},"modified":"2009-08-09T20:40:42","modified_gmt":"2009-08-10T01:40:42","slug":"conficter","status":"publish","type":"post","link":"https:\/\/dillernet.com\/apple\/2009\/03\/31\/conficter\/","title":{"rendered":"Conficker- sick"},"content":{"rendered":"<p><a href=\"http:\/\/mtc.sri.com\/Conficker\/\">Next, Conficker A <\/a> enters an infinite loop, within which it generates a list of 250 domain names (rendezvous points).  The name-generation function is based on a randomizing function that it seeds with the current UTC system date.  The same list of 250 names is generated every 3 hours, i.e., 8 times per day.  All Conficker clients, with system clocks that are at minimum synchronized to the current UTC date, will compute and attempt to contact the same set of domains. When contacting a domain for which a valid IP address has been registered, Conficker clients send a URL request to TCP port 80 of the target IP, and if a Windows binary is returned, it will be validated via a locally stored public key, stored on the victim host, and executed.  If the computer is not connected to the Internet, then the malicious code will check for connectivity every 60 seconds.  When the computer is connected, Conficker A will execute the domain name generation subroutine, contacting every registered domain in the current 250-name set to inquire if an executable is available for download.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Next, Conficker A enters an infinite loop, within which it generates a list of 250 domain names (rendezvous points). The name-generation function is based on a randomizing function that it seeds with the current UTC system date. The same list of 250 names is generated every 3 hours, i.e., 8 times per day. 
All Conficker [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","categories":[3],"tags":[]}