Conficker.E - Additional information on new Variant

Posted Friday, April 10, 2009 1:52 PM by hwaldron

More details have surfaced from F-Secure's blog ...

Conficker.E - Additional information on new Variant
http://www.f-secure.com/weblog/archives/00001652.html

QUOTE: A new variant of Conficker was found yesterday. We're still investigating the files but here's what we know so far.

• On April 8th a new update was made available to Conficker.C infected machines via the P2P network

• The new file, which we call Conficker.E, is executed and co-exists alongside the old infection

• It re-introduces spreading via the MS08-067 vulnerability. Spreading functionality was removed in Conficker.C and the gang behind this maybe realized they made a mistake and added it again.

• There's a possible connection to Waledac, a spambot. Some Conficker.C infected computers connected to a well-known Waledac domain and downloaded Waledac from there.

• There's also a connection to rogue anti-virus products as we've seen it end up on Conficker.C infected machines. The rogue product was Spyware Guard 2008.

Conficker.E deletes itself if the date is May 3, 2009 or later.
