The Ashes

Technology, Science and other news
April 9, 2009

Conficker Returns To Life By Updating Itself Using P2P

Posted by : admin
Filed under : General

Conficker Uses P2P

You probably heard of the Conficker worm, unless you were on a space trip, road trip, boat trip, any trip, or in any place without an Internet connection then we forgive you for not knowing something about it. Well, everybody was so scared of it, but so far security experts said that it’s harmless. However, this thing has changed now as Conficker is now updating through P2P between infested computers, and it drops a “mystery payload” on computers, says a Trend Micro report.

Experts from Trend Micro were analyzing a code of the software which the worm drops on infected computers which is suspected to be a keystroke logger or other software which steals important data from a computer. David Perry, global director of security education at Trend Micro, says that the software is a .sys component which Conficker hides behind a rootkit, and is “heavily encrypted” making its analysis very difficult. The rookit doesn’t make researchers’ lives easier.

The report says that Conficker is trying to connect to websites like MSN.com, eBay.com, MySpace.com, AOL.com, and CNN.com in order to see if the infected computer has an Internet connection. After this, the worm automatically deletes its traces in the host computer, and it plans to shut-down itself on May 3th.

“After May 3, it shuts down and won’t do any replications,” said Perry. But he (just like us) knows that worm-infected computers can be remotely controlled for other harmful purposes. According to Perry, Conficker created a new file in Windows’ Temp folder, and it received a heavy-encrypted TCP response from a well-known P2P IP node which is hosted in Korea.

“As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, and not via HTTP. The Conficker/Downad P2P communications is now running in full swing,” says the report.

Rik Ferguson, security researcher at Trend Micro, says that the worm exchanges information with servers related to malware’s Waledac family, and with its Storm botnet. He explains that Conficker accesses one of Waledac’s domains, and downloads an extra encrypted file.

Although Conficker was almost declared harmless after it failed to activate on April 1st, Perry believes that Conficker is conceiving a masterplan. At first, the researchers thought that yesterday’s activity was a new and improved Conficker version of the worm, but then they realized that this is another part of the plan, and soon it could compromise the 3 to 12 million computers that it has infected so far.

I guess it remains to see what Conficker will do next. Hopefully, none of us will witness its power!

P.S. If you didn’t know this, the worm infects computers using a security breach in a Windows update patch from October last year. You can check if your computer is infected using this Conficker EyeChart, or the Conficker Online Infection Indicator from the University of Bonn.

Tags :

No Comments

(required)
(will not be published) (required)
(opitional)

cciash.com EN ES IT DE PT CZ FR RU
February 2018
M T W T F S S
« Sep    
 1234
567891011
12131415161718
19202122232425
262728  

Pages

Categories

Resources

There are many online poker site where you can play but at poker.hk you can play the poker games with all the knowledge you need related to the game with the poker school available in both the English and Chinese language.

Super Casino

Now you can bet on any sports and any sporting events from all the comfort from your home. Bet770 allows you to bet on any events and match with in just 3 clicks. They also offers great odds on football betting for every premier and champions league match. Get £50 free in bets when you register.

Bingo770, offering best online bingo games with £7.70 free no deposit Bonus!