It’s been a busy week for the virus creators and the antivirus companies. And we’re all the collateral damage. On April 8, Conficker finally got the update that the world was dreading 8 days earlier. As you know, the Internet didn’t end, though. Then, over the Easter weekend, Twitter was attacked by a worm (along with a series of copycats the next day).
According to F-Secure’s weblog, Conficker.E appeared on April 8. Some of the highlights of the new variant are:
- It coexists with Conficker.C (meaning you can be infected with both variants).
- It was spread via the P2P network (not the domains that Conficker.C was checking).
- It reintroduced spreading through the MS08-067 security hole, which had been removed from Conficker.C. Apparently enough people STILL HAVE NOT PATCHED this hole, so it’s a viable method of spreading.
- It doesn’t use domain name generation.
- There are possible connections to Waledac and rogue antispyware/antivirus products, because Conficker.C-infected computers connect to domains that host that malware and download it. Or the connection could be that it downloaded automatically when they reached the website (kind of like it does when WE go there).
- On May 3, 2009, Conficker.E will remove itself. However, it will leave Conficker.C on the computers.
Why the creators went this route, no one’s sure. It could be that they are playing with the security researchers (kind of saying “We’re learning and adapting to whatever you do.”), or they are just using this as a test run to see what their options are.
Either way, update your antivirus and patch your systems. MS08-067 has been out since October of 2008. There is NO excuse for not having the patch installed by now.
Now, there are copycats of his worm that are infecting profiles. As of right now, they’re just pushing links out to anyone who views the profiles—but that doesn’t mean that they can’t or won’t do something more.
If you’re a Twitter user, I would add “twitter” to your following list. That way you can keep up to speed on what’s happening.
As I hear more, I’ll post more. Have a great day:)