Conficker Activated, Spreading Payload

Kara Reeder

Conficker has sprung to life. PCWorld reports that the worm has begun contacting infected computers, delivering a binary file over its peer-to-peer network.

The binary randomly contacts one of five Web sites -- MySpace, MSN, eBay, CNN or AOL -- apparently to confirm that the infected machine is connected to the Internet before dropping a payload and deleting all traces of itself. It also blocks infected PCs from visiting certain Web sites.

Researchers are not yet sure exactly what the payload is; they suspect it might be a keystroke logger or some other program designed to steal sensitive data from the machine, according to CNET News. Trend Micro says the software appears to be a .sys component hiding behind a rootkit.

Another interesting twist is that Conficker is communicating with servers known to be associated with the Waledac family of malware and its Storm botnet.

The update also includes an instruction for the worm to remove itself on May 3, notes BBC News. However, the creators can still control compromised PCs because the backdoor that Waledac imposed on the machine will remain open.


