CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

Conficker, the Internet's No. 1 threat, gets an update.   Logged in as: Guest
Viewers: 740 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [News Around The Web] >> Security News >> Conficker, the Internet's No. 1 threat, gets an update. Page: [1]
Login
Message << Older Topic   Newer Topic >>
Conficker, the Internet's No. 1 threat, gets an update. - 4/9/2009 10:01:04 AM   
astra

 

Posts: 462
Joined: 4/1/2009
Status: offline
Worm uses P2P file, seeks to control more machines, researchers say

Security researchers say a worm that has infected millions of computers worldwide has been reprogrammed to strengthen its defenses while also trying to attack more machines.

Conficker, which takes advantage of a vulnerability in Microsoft's software, has infected at least 3 million PCs and possibly as many as 12 million, making it into a huge botnet and one of the most severe computer security problems in recent years.

Botnets can be used to send spam and attack other Web sites, but they need to be able to receive new instructions. Conficker can do this two ways: It can either try to visit a Web site and pick up instructions or it can receive a file over its custom-built encrypted peer-to-peer (P2P) network.

Over the past day or so, researchers at Websense and Trend Micro said some PCs infected with Conficker received a binary file over P2P. Conficker's controllers have been hampered by efforts of the security community to get directions via a Web site, so they are now using the P2P function, said Rik Ferguson, senior security adviser for Trend Micro.

The new binary tells Conficker to start scanning for other computers that haven't patched the Microsoft vulnerability, Ferguson said. A previous update turned that capability off, which hinted that Conficker's controllers maybe thought the botnet had grown too large.

But now, "it certainly indicates [Conficker's authors] are seeking to control more machines," Ferguson said.

The new update also tells Conficker to contact MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com apparently to confirm that the infected machine is connected to the Internet, Ferguson said. It also blocks infected PCs from visiting some Web sites. Previous Conficker versions wouldn't let people browse to the Web sites of security companies.

In another twist, the binary appears to be programmed to stop running on May 3, which will shut off the new functions, he said.

It's not the first time Conficker has been coded with time-based instructions. Computer security experts were bracing for catastrophe on April 1, when Conficker was scheduled to try to visit 500 of some 50,000 random Web sites generated by an internal algorithm in order to get new instructions, but the day passed without incident.

Also worrying is that the new update tells Conficker to contact a domain that is known to be affiliated with another botnet, called Waledec, Ferguson said. The Waledec botnet grew in a fashion that was similar to the Storm worm, another large botnet that has now faded but was used to send spam. It means that perhaps the same group could be linked to all three botnets, Ferguson said.
More reading.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9131341&intsrc=news_ts_head
Post #: 1
Page:   [1]
All Forums >> [News Around The Web] >> Security News >> Conficker, the Internet's No. 1 threat, gets an update. Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.016