New Conficker Variant Enters into Spam Business
According to researchers at security firm Symantec, the creators of the Conficker virus, which infiltrated and damaged a huge number of computers, have released yet another version, Conficker.E, to make money, just as all botnet masters do.
This new variant has started to implant itself on computers that were previously infected, and in many ways it seems to behave like the first version, Conficker.A, which emerged in November 2008.
Elaborating on the new Conficker.E variant, Orla Cox, Security Operations Manager at Symantec Security Response, stated that Conficker.E's ability to exploit a Microsoft security flaw resembles the way in which Conficker.B previously exploited it. Yahoo! News published this on April 9, 2009.
Another characteristic of the new Conficker.E, according to security researchers, is that the worm communicates and proliferates using ports that are generated randomly in the range 1,024 to 10,000.
Also, the latest Conficker variant updates the previous version, .C, using encrypted software. Meanwhile, the worm's creators are rolling out the update gradually so that people do not notice the virus's presence or become aware of its fresh installations.
In addition, Symantec notes that the latest version, Conficker.E, downloads and plants Waledac, another prominent bot that analysts have found to be virulent for the past many months. According to them, Waledac is probably famous as the descendant of the notorious Storm worm of 2008.
Kevin Hogan, Director of Security Response Operations for Symantec Corp., said that two things come to mind regarding the Conficker.E-Waledac association, Computerworld reported on April 9, 2009.
He stated that the people behind Waledac may belong to the group responsible for Conficker, or alternatively they may have direct links with the Conficker creators. Another possibility is that the Conficker people have sold the use of their botnet to the Waledac operators, who are in the spam business, and so spam messages would start flowing from these spammers.
Meanwhile, Symantec is not the only firm reporting on Conficker.E. Trend Micro, another security company, reports in addition that the latest version, .E, links with msn.com, myspace.com, ebay.com, aol.com and cnn.com, implying that these websites are fairly vulnerable to the worm.
» SPAMfighter News - 21-04-2009