Conficker wakes up, updates, drops payload

[djbaxter]

Conficker wakes up, updates, drops payload
by Andrew Nusca, ZDNet
April 9th, 2009

The Conficker worm is finally active, updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.

...

According to a post on the TrendLabs Malware blog, the awakened worm tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity. It then deletes all traces of itself in the host machine, and is scheduled to shut down on May 3.

...more

 

[Linda Buquet]

Yikes, hope this isn't too bad. Was hoping it was just overblown worry by the media and nothing much would come of it.

 

[djbaxter]

What it will eventually do is still uncertain, although there are suggestions it installs a keylogger which could be used to steal passwords and credit card numbers. From what I read, it seems this was primarily to download an update to the worm... for now. But of course if it can connect to the net on infected machines, it can be instructed to do pretty much do anything it wants whenever it wants.

 

[djbaxter]

Conficker botnet downloads scareware - fake anti-virus programs

Conficker botnet stirs, with a scareware business model
by Ryan Naraine, ZDNet
April 9th, 2009

The Conficker botnet has stirred to life, using its peer-to-peer communication system to update itself and download scareware (fake anti-virus programs) to millions of infected Windows machines.

...

My colleague at Kaspersky Lab, Alex Gostev, has analyzed the latest samples and found the scareware/fraudware association, which means that millions of Conficker-infected machines will start getting pop-ups pushing a fake $49.95 security scanner.

...more