Conficker: Only botnet to use public key crypto?

12 Oct 2010

Virus Bulletin posted their slides from VB2010 finally (not all, but a lot), and most are not too interesting, and some of the links are broken. I found the paper for the digital signature presentation and it states "Conficker is the only botnet to date to use public key cryptography as a means to securely deliver command and control (C&C) actions as well as to update to newer versions." Really? I guess it makes sense if people are able to bring down various botnets, but you'd think the bad guys would do this by now.