Vulnerabilities / Threats
4/9/2009
02:25 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Conficker Worm Arms Itself To Steal And Spam

The new variant, designated Conficker.E, is arriving through the worm's P2P connectivity.

The Conficker/Downadup worm is on the move again. After a relatively uneventful April 1, on which the worm began widening the number of Web sites that it scanned for instructions, a new Conficker variant has emerged and appears to be preparing to spam and steal information.

Symantec said the new Conficker/Downadup variant .E is designed to update version .C rather than the first-generation .A variant.

“In actuality, the primary objective is to update .C with the new features discussed during the briefing and drop Waledac binary onto the .C infected machines,” a company spokesperson said in an e-mail.

Not every security company agrees the malicious code being detected belongs to Conficker. Bkis, a security research firm based in Vietnam, said Thursday that the malware Trend Micro identified is associated with the Waledac worm.

Weafer, however, argues that not all honeypots -- the machines used to collect malware samples -- contain the same samples.

The Conficker/Downadup worm was designed initially to exploit a Microsoft Windows vulnerability that was patched (MS08-067) last October. Since then, it has been updated several times. It now is capable of multiple attack vectors, including USB devices and brute-force password guessing. It also uses various advanced techniques to escape detection and to maintain its command-and-control channel, including a pseudo-random algorithm for generating the domains it uses to receive commands.

Somewhere between 1 million and 2 million computers are believed to be actively infected with the malware, down from almost 9 million in January. According to IBM ISS Managed Security Services, the highest number of infections are in Asia (45%), followed by Europe (31%), South America (13.6%), and North America (5.8%), with the rest in the Middle East, Africa, and elsewhere.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice one
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1235
Published: 2015-04-19
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.

CVE-2015-1236
Published: 2015-04-19
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a cr...

CVE-2015-1237
Published: 2015-04-19
Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages ...

CVE-2015-1238
Published: 2015-04-19
Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

CVE-2015-1240
Published: 2015-04-19
gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.