A New Conficker?
Conficker, the much-hyped worm that was supposed to trigger on April 1st but didn’t, has evolved, dare I say it... again. Multiple sources are now reporting a new variant of Conficker, called WORM_DOWNAD.E by Trend Micro and W32/Confick-D by Sophos.
This new strain of Conficker has an activation date of May 3rd. So here we go again...
According to Trend Micro, the new worm behaves as follows:
“1.) This worm may be downloaded unknowingly by a user when visiting malicious Web sites.
2.) This worm creates registry entries, and executes only after meeting certain trigger conditions.”
The new worm deletes its original download, leaving no traces in the Windows registry. You will not be able to see traces of “Conficker” if you search for it.
Now, detecting it should be fairly easy. For one, this version of Conficker opens up (according to Trend Micro) port 5114 to serve as an HTTP server.
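One way to run that check is to look for a TCP listener on port 5114 in saved `netstat -ano` output from a Windows host. This is an added example, not code from the original post or from Trend Micro; the function name and the sample output are constructed for illustration.

```python
# Port that, per the Trend Micro report cited above, this variant opens
# to serve as an HTTP server.
SUSPECT_PORT = 5114

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5114           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:51140     203.0.113.7:80         ESTABLISHED     2210
  TCP    192.168.1.20:49210     198.51.100.9:5114      ESTABLISHED     2210
  TCP    [::]:5114              [::]:0                 LISTENING       1432
  UDP    0.0.0.0:5114           *:*                                    1020
"""


def find_listeners(netstat_text, port=SUSPECT_PORT):
    """Return sorted (local_address, pid) pairs for TCP sockets LISTENING on port."""
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; UDP rows have no State column.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, _, state, pid = fields
        if state.upper() != "LISTENING":
            continue  # outbound connections to a remote port 5114 are not listeners
        # rpartition splits on the last colon, so IPv6 forms like [::]:5114 work.
        addr, _, local_port = local.rpartition(":")
        # Compare as integers so 51140 does not match 5114.
        if local_port.isdigit() and int(local_port) == port and pid.isdigit():
            hits.add((addr, int(pid)))
    return sorted(hits)


if __name__ == "__main__":
    for addr, pid in find_listeners(SAMPLE_NETSTAT):
        print(f"TCP listener on {addr}:{SUSPECT_PORT} owned by PID {pid}")
```

A hit is a lead to investigate, not proof of infection: map the PID to its process (for example with `tasklist`) before drawing conclusions.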
Like the previous Conficker, it still exploits the same Windows flaw, which Microsoft patched back in October. As I said in my article on the original Conficker, “Conficker Computer Worm, horrible or hype?”, and as I have stated MANY times before: many people do not run their current updates, and others have illegal copies of Windows that do not support updates. This is how the authors of Conficker keep getting in.
What I have trouble understanding is that the Conficker authors are continuing to evolve the worm and evade detection. Just when experts think they have a handle on one threat, the authors release another. No one can find out who, what, where or why.
The thought that someone, somewhere can evade all of the world's TOP experts scares me. I even heard Microsoft has offered a 250K reward for a “Conficker arrest.” Can no one catch these masterminds? Where is Superman when we need him? It seems Lex Luthor is at it again, and no one can save us.
Kimberly Veautour
Acknowledgments: Trend Micro
© 2009, KymberStyle. All rights reserved.