Old Worm—New Face.

As reported by Microsoft and Websense in the past few days, an old worm called Neeris has a new look.  The people behind the worm have updated it to use some of Conficker’s methods and techniques. 

Neeris was originally (and still is) an IRC Bot that traveled through MSN Messenger.  It was also able to use the vulnerabilities in svchost.exe (MS06-040) to spread.  Around April 1 of this year, the people who are creating and updating Neeris added the MS08-067 vulnerability to the worm’s arsenal.  And they gave it the ability to spread via Autoplay or Autorun (both techniques that Conficker uses).

If your antivirus protects you against the Neeris.gen!C variant, then you’re already protected against this new face.  However, if your antivirus doesn’t protect you against it, then you need to update your definitions (Auto-update or manual update) or switch to an antivirus which does.  Neeris has been around since 2005, so most, if not all, antivirus programs should protect against this.

So, you ask, if most or all antivirus programs are already protecting against this, why should I care?  Because, quite simply, it means that people are learning from Conficker.  Other virus/worm/malware writers are realizing that Conficker did it right (and is still doing it right).  So now they’re hopping onto that bandwagon.  Which means that other worms will take on these techniques.  And SOONER OR LATER, they’ll get past your antivirus program.

This is why you need to keep everything updated (Windows, Antivirus, Antispyware, and Firewall).  This is also why you need to stay abreast of the security issues online.  You don’t need a degree in Security.  You don’t even need to take any courses.  But you do need to find some sources of Security-related information and check them on a regular basis.  It doesn’t have to be every day—although when they’re really discussing an issue like Conficker, you’ll want to check daily or more often.

Here’s more information about Neeris and Conficker.D (the new name for the Post-April 1 variant).

As I hear of more blogs about this worm, I’ll update this post.

Have a great day:)

