DigTrace – Internet Security Source

Conficker Attacks UPnP

The Conficker worm behavior has been analyzed by many security professionals who have shared their findings with the community (the paper from SRI is a great example). One of the common findings is that Conficker will connect to the local route/gateway via UPnP and make changes to the firewall, if the firewall supports unauthenticated UPnP. If so, it uses UPnP to open a high numbered port in the firewall, allowing access to that port from the Internet.

Posted April 20th, 2009 under All Security Articles, Internet Security. Tags: conficker, hacking, Security & Hacking News, windows, worm. RSS 2.0 feed Responses are currently closed, but you can trackback from your own site.