NEW YORK (4/13/09)--The Conficker worm, which infected three million to 12 million computers worldwide, has been reprogrammed to make it stronger while it seeks to control more computers, reported Computerworld Thursday.
The worm, dubbed the Internet's No. 1 threat, takes advantage of a vulnerability in Microsoft software that permits it to infect computers forming a huge "botnet" or suite of machines to send spam and attacks against websites. However, the worm needs to receive new instructions to continue attacking. It does this by picking up instructions on a website or by receiving a file over a peer-to-peer network (P2P).
The security community had succeeded in hampering Conficker in getting directions via a website, but late last week, researchers at two organizations noted some computers infected with Conficker received a P2P binary file. The new file tells Conficker to contact MySpace.com, MSN.com, eBay.com, CNN.com, and AOL.com. The P2P function indicates more sophistication.
The new update, which is programmed to stop running May 3, tells Conficker to contact a domain affiliated with another botnet, called Waledec, which was used to send spam and grew similarly to the Storm worm. Security experts said that indicates the same group is linked to all three botnets.
So far, the worm hasn't been used for malicious purposes. The two organizations that discovered the reprogrammed binary update said their findings are preliminary because they're still analyzing the update.
Perimeter, a CUNA Strategic Services provider, has a blog about the latest Conficker update. Use the link to read the latest.
courtesy of cuna.org