
Conficker reprogrammed for new attack run

The worm is stirring, warn researchers.


Researchers are warning that the Conficker worm has been reprogrammed to strengthen its defences and boost its ability to attack more machines.

Conficker takes advantage of a vulnerability in Microsoft's software, and has infected at least 3 million PCs and possibly as many as 12 million, making it into a huge botnet and one of the most severe computer security problems in recent years.

Botnets can be used to send spam and attack other websites, but they need to be able to receive new instructions. Conficker can do this in two ways: it can either try to visit a website and pick up instructions or it can receive a file over its custom-built encrypted P-to-P (Peer-to-Peer) network.

Over the last day or so, researchers with Websense and Trend Micro said some PCs infected with Conficker received a binary file over P-to-P. Efforts by the security community have hampered the ability of Conficker's controllers to deliver instructions via websites, so they are now using the P-to-P function, said Rik Ferguson, senior security advisor for the vendor Trend Micro.

The new binary tells Conficker to start scanning for other computers that haven't patched the Microsoft vulnerability, Ferguson said. A previous update had turned that capability off, which hinted that Conficker's controllers may have thought the botnet had grown too large.

But now, "it certainly indicates they [Conficker's authors] are seeking to control more machines," Ferguson said.

The new update also tells Conficker to contact MySpace.com, MSN.com, Ebay.com, CNN.com and AOL.com apparently to confirm that the infected machine is connected to the Internet, Ferguson said. It also blocks infected PCs from visiting some websites. Previous Conficker versions wouldn't let people browse to the websites of security companies.

In another twist, the binary appears to be programmed to stop running on 3 May, which will shut off the new functions, he said.

It's not the first time Conficker has been coded with time-based instructions. Computer security experts were bracing for catastrophe on 1 April, when Conficker was scheduled to try to visit 500 of some 50,000 random websites generated by an internal algorithm in order to get new instructions, but the day passed without incident.
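The domain-generation behaviour described above suggests a simple defensive heuristic: a host that tries hundreds of algorithm-generated names will produce a burst of NXDOMAIN answers from the resolver. The following Python is an added example, not code from the article or from any of the vendors quoted; the log format, thresholds and client addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed DNS resolver log lines (fields: time client qname rcode); not from the article.
# 10.0.0.5 behaves like a host probing many algorithm-generated names that do not resolve;
# 10.0.0.9 is a normal workstation with a single typo.
def constructed_log():
    lines = ["09:00:00 10.0.0.9 www.example.com NOERROR",
             "09:00:01 10.0.0.9 wwww.example.com NXDOMAIN",
             "09:00:02 10.0.0.5 www.msn.com NOERROR"]
    # 30 pseudo-random 8-letter names spread over a small set of TLDs
    for i in range(30):
        name = "".join(chr(97 + (i * 7 + k * 3) % 26) for k in range(8))
        tld = ("org", "net", "biz", "info")[i % 4]
        lines.append(f"09:01:{i:02d} 10.0.0.5 {name}.{tld} NXDOMAIN")
    return lines

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN)$")

def nxdomain_names(lines):
    """Return {client: set of distinct names that answered NXDOMAIN}."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole run
        _, client, qname, rcode = m.groups()
        if rcode == "NXDOMAIN":
            seen[client].add(qname.lower())
    return seen

def dga_suspects(lines, threshold=20):
    """Clients whose count of distinct NXDOMAIN names reaches the threshold.

    The threshold is a constructed tuning value; on a real network it should be
    set well above the NXDOMAIN rate produced by ordinary typos and stale links.
    """
    names = nxdomain_names(lines)
    return sorted(c for c, n in names.items() if len(n) >= threshold)

if __name__ == "__main__":
    log = constructed_log()
    for client, n in nxdomain_names(log).items():
        print(f"{client}: {len(n)} distinct NXDOMAIN names")
    print("suspects:", dga_suspects(log))
```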

Also worrying is that the new update tells Conficker to contact a domain that is known to be affiliated with another botnet called Waledec, Ferguson said. The Waledec botnet grew in a fashion that was similar to the Storm worm, another large botnet that has now faded but was used to send spam. It means that perhaps the same group could be linked to all three botnets, Ferguson said.

Even though Conficker doesn't appear to have been used yet for malicious purposes, it still remains a threat, said Carl Leonard, a threat research manager for Websense in Europe. The P-to-P functionality indicates a level of sophistication, he said.

"It is evident they've put a lot of effort into gathering this suite of machines," Leonard said. "They want to protect their environment and launch these updates in a way they can best capitalise on them."


Comments

Windows60 said: That is not good news. Even though I use Vista, it is still not good enough. The User Account Control couldn't stop it. Every time Microsoft releases a Windows operating system, it gets hit by these things, even as Microsoft improves its security. A 64-bit PC should be better, but Macs get infected less. However, in the future Mac computers might get more viruses, just like Windows. No operating system is 100% secure.
