Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Conficker.E - Additional information on new Variant

More details have surfaced from F-Secure's blog ...

Conficker.E - Additional information on new Variant
http://www.f-secure.com/weblog/archives/00001652.html

QUOTE: A new variant of Conficker was found yesterday. We're still investigating the files but here's what we know so far.

• On April 8th a new update was made available to Conficker.C infected machines via the P2P network

• The new file, which we call Conficker.E, is executed and co-exists alongside the old infection

• It re-introduces spreading via the MS08-067 vulnerability. Spreading functionality was removed in Conficker.C and the gang behind this maybe realized they made a mistake and added it again.

• There's a possible connection to Waledac, a spambot. Some Conficker.C infected computers connected to a well known Waledac domain and downloaded Waledac from there.

• There's also a connection to rogue anti-virus products as we've seen it end up on Conficker.C infected machines. The rogue product was Spyware Guard 2008.

• Conficker.E deletes itself if the date is May 3, 2009 or later.