Experts warn of imminent Conficker attack
New variant begins to stir over peer-to-peer network of infected machines
Security experts have uncovered new Conficker activity which could indicate that the hackers behind the worm are finally gearing up for an assault.
Researchers at Trend Micro discovered a new variant of Downad/Conficker last night, called Worm_Downad.E, which is spreading over the peer-to-peer network of infected PCs created by the previous version.
This new variant sheds some interesting light on the origins of the worm, according to the researchers, and its potential link to the Waledac malware family which is responsible for one of the most active spam botnets around.
"This new Downad/Conficker variant is talking to servers which are known already for being associated with the Waledac family of malware, in order to download further malicious components," wrote Trend Micro solutions architect Rik Ferguson in a blog posting.
"These components have so far been missing, but could this finally be the 'other boot dropping' that we have all been waiting for?"
Symantec also released a statement today indicating that it is monitoring the same activity. The firm noted that the new Conficker variant "includes previously unseen self-removal functionality to remove itself from the infected host on May 3 2009".
Security firms are monitoring the situation, and will release further updates and alerts as the situation unfolds.
The Conficker Working Group, a coalition of security firms, has released an easy-to-use testing tool to check whether a PC is infected, and most vendors have free tools to remove the malware.
Many were expecting Conficker to launch an attack on 1 April, but this did not materialise.
Source : pcw.co.uk
New variant begins to stir over peer-to-peer network of infected machines
Security experts have uncovered new Conficker activity which could indicate that the hackers behind the worm are finally gearing up for an assault.
Researchers at Trend Micro discovered a new variant of Downad/Conficker last night, called Worm_Downad.E, which is spreading over the peer-to-peer network of infected PCs created by the previous version.
This new variant sheds some interesting light on the origins of the worm, according to the researchers, and its potential link to the Waledac malware family which is responsible for one of the most active spam botnets around.
"This new Downad/Conficker variant is talking to servers which are known already for being associated with the Waledac family of malware, in order to download further malicious components," wrote Trend Micro solutions architect Rik Ferguson in a blog posting.
"These components have so far been missing, but could this finally be the 'other boot dropping' that we have all been waiting for?"
Symantec also released a statement today indicating that it is monitoring the same activity. The firm noted that the new Conficker variant "includes previously unseen self-removal functionality to remove itself from the infected host on May 3 2009".
Security firms are monitoring the situation, and will release further updates and alerts as the situation unfolds.
The Conficker Working Group, a coalition of security firms, has released an easy-to-use testing tool to check whether a PC is infected, and most vendors have free tools to remove the malware.
Many were expecting Conficker to launch an attack on 1 April, but this did not materialise.
Source : pcw.co.uk
No comments:
Post a Comment