[ insider_reports_insider ]
Conficker Becomes Downdac, A Waledac Zombie
SecurityProNews
Staff Writer
2009-04-15
 Insider Reports RSS Feed
Security researchers are honing in on the mysterious Conficker worm, also known as Downad, and their analysis is showing a definite connection with Waledac, a spam botnet reincarnation of Storm, with the end goal of infecting computers with a fake anti-virus Trojan, also known as "scareware" or "rogueware."
 | | Conficker Becomes Downdac, A Waledac Zombie |  |
The sexiness of the Conficker story wore off after April 1st came and went, and subsequently mass hysteria on your TV (at least regarding this particular subject) vanished. About a week after the let down, Conficker.E came alive after all, but instead of communicating directly with the 50,000 URLs, it wormed its around cyberspace via peer-to-peer networks.
Another component digs around for exploitable machines and drops a nasty little payload in Windows Registry and hides itself much like how rootkits hide themselves on machines. Once on the machine, the new virus connects to a malicious URL for an encryption download.
And thus is born what TrendMicro is calling Downdac.A, a hybrid of Downad and Waledac, which turns the infected machine into a zombie under the control of the botnet and causes it to download fake antivirus software called Spyware Protect 2009.
"Waledac is a notorious spammer, and is also known for injecting information-stealer codes. FakeAV, meanwhile scares users into buying their ‘security' products by faking infection symptoms, and lately, by employing crimeware routines as well," write Trend Micro's Paul Ferguson and Ivan Macalintal.
Curiously, the whole process has an end date of May 3rd, but researchers are at a loss as to what might happen then.
View All Articles by SecurityProNews
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
