Conficker is still on the loose. Be careful when you share files over P2P. Better to be careful now than sorry later.
Here's the news from CNET:
The Conficker worm is finally doing something--updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.
Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.
The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.
The worm also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog.
Because infected computers are receiving the new component in a staggered manner rather than all at once, there should be no disruption to the Web sites the computers visit, said Paul Ferguson, advanced threats researcher for Trend Micro.
"After May 3, it shuts down and won't do any replication," Perry said. However, infected computers could still be remotely controlled to do something else, he added.
On Tuesday night Trend Micro researchers noticed a new file in the Windows Temp folder and a huge encrypted TCP response from a known Conficker P2P IP node hosted in Korea.
"As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, and not via HTTP," the blog post says. "The Conficker/Downad P2P communications is now running in full swing!"
In addition to adding the new propagation functionality, Conficker communicates with servers that are associated with the Waledac family of malware and its Storm botnet, according to a separate blog post by Trend Micro security researcher Rik Ferguson.
The worm tries to access a known Waledac domain and download another encrypted file, the researchers said.
Conficker.C failed to make a splash a week ago despite the fact that it was programmed to activate on April 1. It has infected between 3 million and 12 million computers, according to Perry.
Initially, researchers thought they were seeing a new variant of the Conficker worm, but now they believe it is merely a new component of the worm.
The worm spreads via a hole in Windows that Microsoft patched in October, as well as through removable storage devices and network shares with weak passwords.
The worm disables security software and blocks access to security Web sites.
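
The connectivity check described in the article (lookups of MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com) can be turned into a triage query over DNS logs. The following is an added example, not part of the CNET article or this blog post: it flags clients that query all five sites within a short window. The log format, IP addresses and 10-second default window are assumptions, and because these are popular sites a hit is a reason to inspect the host, not proof of infection.

```python
from collections import defaultdict

# Connectivity-check sites named in the article.
CHECK_DOMAINS = {"myspace.com", "msn.com", "ebay.com", "cnn.com", "aol.com"}

# Constructed sample DNS query log: "<epoch seconds> <client IP> <queried name>".
SAMPLE_LOG = """\
1239235200 10.0.0.5 www.myspace.com
1239235201 10.0.0.5 www.msn.com
1239235201 10.0.0.7 www.cnn.com
1239235202 10.0.0.5 www.ebay.com
1239235203 10.0.0.5 www.cnn.com
1239235204 10.0.0.5 www.aol.com
1239235300 10.0.0.9 www.myspace.com
1239236200 10.0.0.9 msn.com
1239237100 10.0.0.9 www.ebay.com
1239238000 10.0.0.9 cnn.com.
1239238900 10.0.0.9 www.aol.com
1239239000 10.0.0.7 notmsn.com
"""

def check_domain(qname):
    """Return the article's domain that qname belongs to, or None."""
    name = qname.lower().rstrip(".")
    for domain in CHECK_DOMAINS:
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def flag_clients(log_text, window=10):
    """Clients that queried all five domains within `window` seconds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines
        domain = check_domain(parts[2])
        if domain:
            events[parts[1]].append((int(parts[0]), domain))
    flagged = []
    for client, seen in events.items():
        last = {}  # most recent query time per domain
        for ts, domain in sorted(seen):
            last[domain] = ts
            if len(last) == len(CHECK_DOMAINS) and ts - min(last.values()) <= window:
                flagged.append(client)
                break
    return sorted(flagged)
```

On the constructed log, `flag_clients(SAMPLE_LOG)` returns only 10.0.0.5; the host that reaches the same five sites spread over an hour is ignored unless the window is widened.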
