Conficker Wakes Up, Updates, Drops Payload

Search Options	close
Search the following clips: All Clips

news science politics food economy art
technology health internet religion psychology

Sign Up Install Learn More Login


	Conficker Wakes Up, Updates, Drops Payload

merrie

4-10-2009 7:18 AM

182 views

tags:

conficker worm, updating via p2p, researchers suspect keystroke logger, steal data from machine, myspace msn.com ebay cnn aol

merrie says:

The development was found when Trend Micro researchers noticed a new file in the Windows Temp folder and a large encrypted TCP response from a known Conficker P2P IP node hosted in Korea:

Two things can be summed up from the events that transpired:

1. As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, and not via HTTP. The Conficker/Downad P2P communications is now running in full swing!

2. Conficker-Waledac connection? Possible, but we still have to dig deeper into this…

Add a Comment

Login to Comment. Not a member yet? Sign up

Today's Top Clips

visit the Top Clips page

View the Top Clips from April 10, 2009

Embed This Clip In Your Site...

<div style="margin: 12px 0px; font-family: arial; color: #333333; background: #ffffff; border: solid 4px #e5e5e5; width: 100%; clear: left;"><div class="CM_CTB_Content_Wrap" style="margin: 0px; padding: 0px;background-color:#e5e5e5;"><div style="border-bottom: solid 1px #dcdcdc; white-space: nowrap; margin-bottom: 8px; background-color: #eeeeee ;background-image: url(http://clipmarks.com/images/source-bg.gif); background-repeat: repeat-x; height: 24px; line-height: 24px; vertical-align: middle; padding-bottom: 4px; color: #666666; font-size: 10px;" ><a href="http://clipmarks.com/clip-to-blog/" title="see clips that are hot right now"><img src="http://content.clipmarks.com/blog_embed/147f92fd-e10a-4bf5-9f92-a5c267f46970/BCACB7B8-BEC0-4DC0-BEC3-6EA8AC2F1624/" alt="" width="19" height="19" border="0" style="vertical-align: middle; margin: 0px 4px; display: inline; border: none; float:none;" /></a>clipped from <a title="http://blogs.zdnet.com/BTL/?p=16082" href="http://blogs.zdnet.com/BTL/?p=16082" style="font-size: 11px;">blogs.zdnet.com</a></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/BTL/?p=16082"><P><A href="http://i.zdnet.com/blogs/globe_traffic.jpg"><IMG width="250" alt="" src="http://i.zdnet.com/blogs/globe_traffic.jpg" title="globe_traffic" class="size-full wp-image-16087 alignright" /></A>The <STRONG>Conficker </STRONG>worm is finally active, updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/BTL/?p=16082"><P>CNET’s Elinor Mills <A href="http://news.cnet.com/8301-1009_3-10215678-83.html">reports </A>that researchers are analyzing the code of the software that is being dropped onto infected computers and suspect that it is a keystroke logger or some other program designed to steal data from the machine.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/BTL/?p=16082"><P>Just yesterday, Zero Day blogger Dancho Danchev noted that <A href="http://blogs.zdnet.com/security/?p=3093">a Conficker copycat was already</A> making its rounds.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/BTL/?p=16082"><P>According to <A href="http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/">a post on the TrendLabs Malware blog</A>, the awakened worm tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity. It then deletes all traces of itself in the host machine, and is scheduled to shut down on May 3.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/BTL/?p=16082"><P>As for the second point, <A href="http://countermeasures.trendmicro.eu/new-downadconficker-variant-spreading-over-p2p/">researchers said</A> the worm tries to access a known Waledac domain and download another encrypted file, but they’re still trying to examine the connection.</P></blockquote></div><div style="margin: 0px 6px 6px 4px;"><table style="font-size: 11px;border-spacing: 0px;padding: 0px;" cellpadding="0" cellspacing="0" width="100%"><tr><td style="background:transparent;border-width:0px;padding:0px;">&nbsp;</td><td align="right" style="background:transparent;border-width:0px;padding:0px;width:107px" width="107"><a href="http://clipmarks.com/share/BCACB7B8-BEC0-4DC0-BEC3-6EA8AC2F1624/blog/" title="blog or email this clip"><img src="http://content6.clipmarks.com/images/c2b-foot.png" border="0" alt="blog it" width="107" height="17" style="border-width:0px;padding:0px;margin:0px;" /></a></td></tr></table></div></div>

New from the makers of Clipmarks: Amplify.com - Don't just share the news...Amplify it!

Clipmarks: Home; New Clips; Top Clips; Dashboard

Popular Topics: News; Life; Science; Technology; Entertainment

Get Started: Sign Up; Install Clipping Tool; How Clipping Works; Clip-to-Blog™; ClipSearch

Tools and Resources: FAQ; ClipWeek; Top Clippers; Top Tags; Site Map

About Clipmarks: About Us; Contact; Copyright; Privacy; EULA

Search Options

Today's Top Clips