[ISN] Conficker wakes up, updates via P2P, drops payload
InfoSec News
alerts at infosecnews.org
Thu Apr 9 06:03:15 CDT 2009
http://news.cnet.com/8301-1009_3-10215678-83.html
By Elinor Mills
Security
CNews News
April 8, 2009
The Conficker worm is finally doing something--updating via peer-to-peer
between infected computers and dropping a mystery payload on infected
computers, Trend Micro said on Wednesday.
Researchers were analyzing the code of the software that is being
dropped onto infected computers but suspect that it is a keystroke
logger or some other program designed to steal sensitive data off the
machine, said David Perry, global director of security education at
Trend Micro.
The software appeared to be a .sys component hiding behind a rootkit,
which is software that is designed to hide the fact that a computer has
been compromised, according to Trend Micro. The software is heavily
encrypted, which makes code analysis difficult, the researchers said.
The worm also tries to connect to MySpace.com, MSN.com, eBay.com,
CNN.com and AOL.com as a way to test that the computer has Internet
connectivity, deletes all traces of itself in the host machine, and is
set to shut down on May 3, according to the TrendLabs Malware Blog.
[...]
More information about the ISN
mailing list