nanog mailing list archives

Re: The Confiker Virus.


From: "David W. Hankins" <David_Hankins () isc org>
Date: Wed, 1 Apr 2009 10:02:35 -0700

On Wed, Apr 01, 2009 at 10:01:29AM -0600, Jason Iannone wrote:
> What's the virus doing with all of those domain names?

Paul Vixie gave a presentation at the IEPG meeting before IETF 74.  I
don't think the IEPG meeting notes are up yet (they would be very
informative if they were)...I don't pretend to be an expert, but my
understanding based on that presentation is that the DNS is used for
C&C of the botnet.

Its owner only needs one of those domain names to be registered to
give out orders.  If they only used one, it would be relatively easy
to shut them down.  They use so many so that, when the good guys
bust in the door and shut down the C&C domain/hosting, they can just
open up shop somewhere else like nothing happened.

Not entirely unlike terrorist cells.

-- 
David W. Hankins        "If you don't do it right the first time,
Software Engineer                    you'll just have to do it again."
Internet Systems Consortium, Inc.               -- Jack T. Hankins
