Experiences with Conficker C Sinkhole Operation and Analysis, presented at AusCERT 2009

by John T Kristoff

Summary: The Internet operations and security community has come together like never before to help thwart the threat of the Conficker worm. As revision 'C' of the worm was set to begin upgrading on April 1, 2009, and up to 50,000 domain names per day were due to be contacted by infected hosts, four sinkhole operators were part of the global effort to mitigate the threat. Team Cymru, operating one of these four sinkholes, will share our experiences in running a sinkhole, lessons learned and some analysis of the data captured.