[ insider_reports_insider ]
The Resurrection Of Conficker
SecurityProNews
Staff Writer
2009-04-09
 Insider Reports RSS Feed
Just a week after the April Fools Day hysteria surrounding Conficker.C, most have forgotten and gone on. Security researchers, however, have not, and have noted more activity and a possible connection to the spambot Waledac.
 | | The Resurrection Of Conficker |  |
Yesterday, researchers at both TrendMicro and Symantec noticed new activity from a Conficker variant they've now labeled Conficker.E. The new variant spreads via peer-to-peer to update machines infected by earlier variants.
The activity they are witnessing also seem fairly benign. Conficker connects to major websites like MySpace, MSN, eBay, CNN, and AOL to get a simple time update.
Whereas the .C variant made burrowed its way into several areas of a computer to disable security communications and removal tools, the .E variant includes a previously unseen self-removal functionality to erase all traces of its presence from the infected host.
Strangely, it will do so on May 3, 2009, giving us yet another date to pay attention to. TrendMicro traced the worm to sources somewhere in Korea, and noted a possible connection to Waledac, one of the world's most active spambots.
Symantec confirms an apparent connection to Waledac, and suspects Conficker.C was instrumental in distributing Waledac, which "steals sensitive information, turns computers into spam zombies, and establishes back door remote access.
Because Waledac is a reiteration of the famed Storm botnet, researchers also suspect all three pieces of malware are connected, perhaps created by the same cybercriminal source.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
