New Downad/Conficker variant spreading over P2P

TrendLabs researcher Ivan Macalintal has this evening discovered a new variant of Downad/Conficker called WORM_DOWNAD.E spreading over the peer-to-peer functionality of the previous version of this now infamous worm.

As well as reactivating the original propagation functionality, this new variant sheds some extra light on possible links with other malware and on the origins of the worm. This new Downad/Conficker variant is talking to a server which is already known for being associated with the Waledac family of malware, in order to download further malicious components. These components have so far been missing, but could this finally be the “other boot dropping” that we have all been waiting for?

Waledac has, for a while now, been suspected to be the latest offering from the people behind the Storm botnet. Could it be that Downad/Conficker, Waledac and Storm all originate from the same cybercriminal gang?

Please read the TrendLabs Malware blog for a detailed breakdown.
