QOTD on Conficker

The more advanced malware doesn't take orders until the orders are signed. MD6 within Conficker is exactly for this. The only party with secret keys are the worm's authors.

This wasn't just an existing gang writing yet another worm, this was guys who were thinking differently. Maybe they'll never return to their bot, but they could be waiting for us to pay less attention to it. They know that it will not be monitored forever.

-- Mikko Hyppönen, Chief Research Officer at F-Secure Corp.
Src: Security researchers continue hunt for Conficker authors | SearchSecurity.com

No comments: