20090322

http://mtc.sri.com/Conficker/


Conficker B uses a different set of sites to query its external-facing IP address: www.getmyip.org, www.whatsmyipaddress.com, www.whatismyip.org, and checkip.dyndns.org. It does not download the fraudware Antivirus XP software that version A attempts to download. Conficker's propagation methods differ between A and B and are described in the section Conficker Propagation (http://mtc.sri.com/Conficker/#Propagation). Furthermore, a recent analysis by Symantec has uncovered that the GeoIP file is directly embedded in the Conficker B binary as a compressed RAR (Roshal archive) file encrypted using RC4 [11].
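A detection sketch for the IP-lookup behaviour described above, added here as an example and not taken from the SRI report. The log format, the two-site threshold and the ten-minute window are assumptions; since these are legitimate services, the check only flags a client that queries several of them in quick succession.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# IP-lookup sites named in the text as queried by Conficker B.
LOOKUP_SITES = {"www.getmyip.org", "www.whatsmyipaddress.com",
                "www.whatismyip.org", "checkip.dyndns.org"}

# Constructed sample DNS query log (assumed format: ISO time, client IP, name).
SAMPLE_LOG = """\
2009-03-22T10:00:01 10.0.0.5 www.getmyip.org
2009-03-22T10:00:03 10.0.0.5 checkip.dyndns.org.
2009-03-22T10:00:07 10.0.0.5 WWW.WhatIsMyIP.org
2009-03-22T10:01:00 10.0.0.9 checkip.dyndns.org
2009-03-22T10:00:00 10.0.0.7 www.getmyip.org
2009-03-22T13:00:00 10.0.0.7 www.whatismyip.org
malformed line
"""

def parse(log):
    """Yield (time, client, name) for well-formed lines; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # Normalise case and the trailing root dot before matching.
        yield ts, parts[1], parts[2].rstrip(".").lower()

def suspicious_clients(log, min_sites=2, window=timedelta(minutes=10)):
    """Return {client: sorted sites} for clients that query at least
    min_sites distinct lookup sites within one sliding window."""
    hits = defaultdict(list)
    for ts, client, name in parse(log):
        if name in LOOKUP_SITES:
            hits[client].append((ts, name))
    flagged = {}
    for client, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {n for t, n in events[i:] if t - start <= window}
            if len(seen) >= min_sites:
                flagged[client] = sorted(seen)
                break
    return flagged

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```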
