TrendLabs researcher Ivan Macalintal has this evening discovered a new variant of Downad/Conficker called WORM_DOWNAD.E spreading over the peer-to-peer functionality of the previous version of this now infamous worm.


As well as reactivating the original propagation functionality, this new variant sheds some extra light on possible links with other malware and on the origins of the worm. This new Downad/Conficker variant is talking to a server which is already known to be associated with the Waledac family of malware, in order to download further malicious components. These components have so far been missing, but could this finally be the “other boot dropping” that we have all been waiting for?

 

Waledac has, for a while now, been suspected to be the latest offering from the people behind the Storm botnet. Could it be that Downad/Conficker, Waledac and Storm all originate from the same cybercriminal gang?

 

Please read the TrendLabs Malware blog for a detailed breakdown.


This entry was posted on Wednesday, 8. April 2009 and is filed under "malware". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.

27 Comments to "New Downad/Conficker variant spreading over P2P"

Kaspersky Labs USA » Conficker wakes up, updates via P2P, drops payload:
Wednesday, 8. April 2009 um 11:19 pm

[...] servers that are associated with the Waledac family of malware and its Storm botnet, according to a separate blog post by Trend Micro security researcher Rik [...]

Malware Diaries » Blog Archive » Conficker alive and well with new variant update via P2P:
Thursday, 9. April 2009 um 12:30 am

[...] some evidence links Conficker with the Waledac malware family also known for its large botnets, and worth [...]

TECHGEEK.com.au : Trend Micro : New variant of Conficker in the wild:
Thursday, 9. April 2009 um 2:06 am

[...] “This new Downad/Conficker variant is talking to servers which are known already for being associated with the Waledac family of malware, in order to download further malicious components. These components have so far been missing, but could this finally be the “other boot dropping” that we have all been waiting for?” Rik Ferguson wrote on the Trend Micro’s Countermeasures blog. [...]

Conficker wakes up, updates via P2P, drops payload | NJN Network:
Thursday, 9. April 2009 um 3:31 am

[...] servers that are associated with the Waledac family of malware and its Storm botnet, according to a separate blog post by Trend Micro security researcher Rik [...]

Cloud Computing Adoption Comes Down To Trust and Openness | Tek Tips Blogs:
Thursday, 9. April 2009 um 6:47 am

[...] back in a new form. TrendLabs have this evening discovered a new variant of Downad/Conficker called WORM_DOWNAD.E spreading over the peer-to-peer functionality of the previous version of this now infamous [...]

Trend Micro entdeckt neue Conficker-Variante - Security | News | ZDNet.de:
Thursday, 9. April 2009 um 9:17 am

[...] discovered Conficker under the designation WORM_DOWNAD.E, which

Conficker wakes up, updates, drops payload | Between the Lines | ZDNet.com:
Thursday, 9. April 2009 um 10:21 am

[...] servers that are associated with the Waledac family of malware and its Storm botnet, according to a separate blog post by Trend Micro security researcher Rik [...]

Conficker botnet stirs to distribute update payload - Computer Forums:
Thursday, 9. April 2009 um 11:36 am

[...] potential clues on the origins of the worm, because of possible links to other malware. Trend Micro reports that the new Downadup/Conficker variant is talking to servers associated with the Waledac family of [...]

Conficker alive and well with new variant update via P2P:
Thursday, 9. April 2009 um 12:13 pm

[...] some evidence links Conficker with the Waledac malware family also known for its large botnets, and worth [...]

Conficker wakes up, updates, drops payload | The IT Security Attaché:
Thursday, 9. April 2009 um 12:21 pm

[...] for the second point, researchers said the worm tries to access a known Waledac domain and download another encrypted file, but they’re [...]

Conficker.E: Aufgewacht und »Ready to Rock!« - The Inquirer DE:
Thursday, 9. April 2009 um 12:54 pm

[...] TrendMicro report TrendMicro analysis Conficker Working Group // [...]

Dennison Technology Group Inc. » The Conficker worm is finally active.:
Thursday, 9. April 2009 um 2:25 pm

[...] for the second point, researchers said the worm tries to access a known Waledac domain and download another encrypted file, but they’re [...]

Conficker deve tentar novo ataque em maio « 1security’s Blog:
Thursday, 9. April 2009 um 4:15 pm

[...] TrendMicro disclosed, on its security blog, that the Conficker malware received new instructions via P2P connections to launch a wave of [...]

.:: Securnetwork.net Blog - Massimo Rabbi ::. » Conficker ora si aggiorna!:
Thursday, 9. April 2009 um 5:17 pm

[...] existing ones and from that moment on using random file and service names. The worm listens on TCP port 5114, waiting for requests that can be processed by the mini HTTP server [...]

New Downad/Conficker variant spreading over P2P » Counter Measures | thepostingsecrets:
Thursday, 9. April 2009 um 8:50 pm

[...] Original post: New Downad/Conficker variant spreading over P2P » Counter Measures [...]

Conficker si è svegliato, altro che pesce d’aprile - The New Blog Times:
Thursday, 9. April 2009 um 9:17 pm

[...] Conficker communicates with the servers associated with the Waledac malware family and with the Storm botnet, explains Rik Ferguson of Trend [...]

El nuevo Conficker ya no se conecta a dominios | Shadow Security:
Friday, 10. April 2009 um 12:06 am

[...] as for the second point, the researchers say the worm tries to access a known Waledac domain and download another encrypted file, [...]

blog.grospolina.net:
Friday, 10. April 2009 um 9:15 am

Well, the so-called experts go and register the domains the Conficker worm will generate,
in order to prevent an update, which had to seem hopeless anyway,
and then the sucker goes and does something completely different.
Jede noch s…

Top 10 Websites To Learn The Art Of Being A Fashionista | Classics Blog:
Friday, 10. April 2009 um 12:29 pm

[...] New Downad/Conficker variant spreading over P2P » Counter Measures [...]

File Extension Torrent | Gadgets & Tech:
Friday, 10. April 2009 um 1:40 pm

[...] New Downad/Conficker variant spreading over P2P » Counter Measures [...]

Conficker wakes up, updates via P2P, drops payload | Cyberphunkz Tech Blog:
Friday, 10. April 2009 um 3:35 pm

[...] servers that are associated with the Waledac family of malware and its Storm botnet, according to a separate blog post by Trend Micro security researcher Rik [...]

Conficker: Neue Variante sorgt für neue Panik:
Friday, 10. April 2009 um 8:52 pm

[...] Ewell, Symantec had already been able to observe such connections between the pests. Rik Ferguson of TrendMicro also speaks, albeit very cautiously, of such a possible [...]

Conficker disparará novos ataques em 3 de maio:
Saturday, 11. April 2009 um 3:13 am

[...] a new wave of attacks on May 3. The information was released by the security company TrendMicro. The network worm recently received instructions via connections [...]

Trend Micro: Conficker się obudził i instaluje spyware | covalic ...bo grafika jest dla ludzi:
Saturday, 11. April 2009 um 4:08 pm

[...] after the latest update, besides adding new self-replication capabilities, Conficker started connecting to the servers of the Waledac malware family and its Storm botnet. After making contact with them, the worm tries [...]

Heise Meldung: Conficker-Wurm lädt jetzt doch nach:
Tuesday, 14. April 2009 um 8:40 am

[...] deletes registry entries and from then on works with random file and service names. In addition, the worm now opens port 5114 and listens for connection requests with a built-in HTTP server. [...]

Conficker acorda e instala conteúdo desconhecido nos micros infectados | Tumulto:
Monday, 20. April 2009 um 7:51 pm

[...] there was a connection to servers related to the Waledac malware, which is said to have been created by those responsible for the network [...]

The ultimate guide to scareware protection « AES IT Security:
Tuesday, 27. October 2009 um 6:08 pm

[...] botnet gang has already made three attempts to monetize the millions of infected hosts, by reselling access to them to two different gangs, but has also attempted to install scareware on [...]

© Copyright 2010 Trend Micro Inc. All rights reserved.