Conficker Virus Proceeds with New Payload
According to security researchers at Trend Micro, around a week after the much-anticipated "doomsday" of April 1, 2009, when everyone expected Conficker to strike, PCs already infected with the worm are receiving fresh malware over its peer-to-peer channel.
David Perry, Global Director of Security Education at Trend Micro, says that researchers analyzing the new payload installed on the infected PCs speculate that it could be a keylogger or another kind of data-stealing program, as reported by CNET News on April 8, 2009.
After analysis, the researchers found that the malicious software appears to be a .sys file concealed by a rootkit, a program that hides from the user the fact that the computer has been compromised, Trend Micro revealed. Moreover, because the code is heavily encrypted, analyzing it is very difficult, the researchers stated.
Furthermore, the software tests whether the infected PC is connected to the Internet by attempting to connect to MSN.com, CNN.com, eBay.com, AOL.com and MySpace.com. The code removes all its traces from the host system and is set to deactivate on May 3, 2009, notes the TrendLabs Malware Blog.
Researchers at Trend Micro first observed the component on April 7, 2009, when they detected a new file in a Windows Temp folder. They then identified a heavily encrypted TCP reply originating from a known Conficker P2P node (identified by its IP address) located in Korea.
Moreover, there are clues that the latest Conficker update is linked to the Waledac malware family. This new Conficker/Downadup variant communicates with servers already associated with Waledac in order to download additional malicious components. Security experts state that the people behind Waledac have built a large botnet that has been tied to numerous spam campaigns since late 2008.
Another security company, BitDefender, also announced that it has found yet another Conficker variant circulating on the Web. This new variant uses tools that remove earlier variants of the worm in order to evade detection and subsequent disinfection.
» SPAMfighter News - 15-04-2009