The Conficker worm has woken up. Earlier I wrote about the researchers who predicted the worm would wake up on the first of April, but the virus woke up on the ninth of April.
Trend Micro reports that the worm has begun to download other packets through a peer-to-peer connection. Keyloggers are probably being downloaded, but it's hard to tell exactly what the virus is downloading because of the very strong encryption the worm uses.
The downloaded software seems to use a system component that hides itself in a rootkit. After downloading the software, the worm connects to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com to determine whether there is an Internet connection. Afterwards, it hides itself.
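The connectivity check described above gives defenders something to look for in DNS or proxy logs: one client querying all five sites in a short burst. The following Python is an added example, not code from Trend Micro or from this post; the log format, the sample lines and the 60-second window are constructed assumptions, and the log is assumed to be in time order.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Domains the article lists as the worm's connectivity-check targets.
CHECK_DOMAINS = {"myspace.com", "msn.com", "ebay.com", "cnn.com", "aol.com"}
WINDOW = timedelta(seconds=60)  # assumed threshold, tune per environment

# Constructed sample log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2009-04-09T10:00:01 10.0.0.5 www.myspace.com
2009-04-09T10:00:02 10.0.0.5 msn.com
2009-04-09T10:00:02 10.0.0.7 www.cnn.com
2009-04-09T10:00:03 10.0.0.5 www.ebay.com
2009-04-09T10:00:04 10.0.0.5 cnn.com
2009-04-09T10:00:05 10.0.0.5 www.aol.com
2009-04-09T10:05:00 10.0.0.7 www.msn.com
2009-04-09T11:30:00 10.0.0.7 ebay.com
2009-04-09T13:00:00 10.0.0.7 aol.com
2009-04-09T15:00:00 10.0.0.7 myspace.com
"""

def registered_name(qname):
    """Map a queried name to a listed domain, or None if it is not one."""
    name = qname.lower().rstrip(".")
    for dom in CHECK_DOMAINS:
        if name == dom or name.endswith("." + dom):
            return dom
    return None

def suspicious_hosts(log_text, window=WINDOW):
    """Return sorted client IPs that queried all listed domains within `window`."""
    last_seen = defaultdict(dict)   # client -> {domain: latest timestamp}
    flagged = set()
    for line in log_text.splitlines():
        try:
            stamp, client, qname = line.split()
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue                # skip malformed lines
        dom = registered_name(qname)
        if dom is None:
            continue
        seen = last_seen[client]
        seen[dom] = ts
        # Flag when all five were seen and the stalest sighting is inside the window.
        if len(seen) == len(CHECK_DOMAINS) and ts - min(seen.values()) <= window:
            flagged.add(client)
    return sorted(flagged)
```

These are popular sites, so a hit is a lead for further checks on that host rather than proof of infection.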
As I said before, the software spreads itself through a peer-to-peer connection, which makes it very hard to stop. “Like we expected, it’s possible that the peer-to-peer network from the Conficker botnet was used to serve an update, instead of HTTP,” says Trend Micro in a message posted on their blog.
On the third of May, the virus will stop functioning. “On the third of May, the virus won’t spread itself anymore,” says David Perry, global director of security education at Trend Micro. He warns users that the infected computers may still be controlled remotely to make them do other things.
The Conficker.C version of the worm, which was expected to wake up on the first of April, has infected approximately twelve million computers. The worm disables security software, denies access to update software and exploits the vulnerability that Microsoft patched in October.

3 Responses
Great information.
Wow, it's amazing what will destroy a computer nowadays.
We know what to look out for now, Kevoow.