This entry was posted on April 9, 2009 at 10:42 am and is filed under Commentary with tags virus. You can follow any responses to this entry through the RSS 2.0 feed.
Conficker May Actually Be Doing Something Very Evil As We Speak
If you thought you were out of the woods with Conficker because April 1st came and went, think again. According to a news.com article, it seems that Conficker has started doing something potentially evil:
The Conficker worm is finally doing something–updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.
Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.
The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.
An encrypted payload is being shoved onto infected computers? That doesn’t sound good. There’s more though:
The worm also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog.
Because infected computers are receiving the new component in a staggered manner rather than all at once there should be no disruption to the Web sites the computers visit, said Paul Ferguson, advanced threats researcher for Trend Micro.
“After May 3, it shuts down and won’t do any replication,” Perry said. However, infected computers could still be remotely controlled to do something else, he added.
So it sounds like this virus was merely a delivery system for the real threat. That’s scary. If you’re concerned (and you should be), take a look at this article that I wrote about this virus to see how you can protect yourself.