Sunday, April 12, 2009

Trojan/Worm


The latest variant of the Conficker worm finally shows its true face: its purpose is to make money. This variant, E, was first detected last week.

Variant E of the worm was the first to use the base of Conficker-infected computers for an ulterior purpose. It downloads and installs two additional payloads:[30]

* Waledac, a spambot otherwise known to propagate through e-mail attachments.[38] Waledac operates similarly to the 2008 Storm worm and is believed to be written by the same authors.[39][40]
* SpyProtect 2009, a scareware anti-virus product.





Taken from http://www.katu.com/news/tech/42811892.html
SAN FRANCISCO (AP) - The dreaded Conficker computer worm is stirring. Security experts say the worm's authors appear to be trying to build a big moneymaker, but not a cyber weapon of mass destruction as many people feared.

As many as 12 million computers have been infected by Conficker. Security firm Trend Micro says some of the machines have been updated over the past few days with fake antivirus software - the first attempt by Conficker's authors to profit from their massive "botnet."

Criminals use bogus security software to extort money. Victims are told their computers are infected, and can be fixed only by paying for a clean-up that never happens.

Conficker gets on computers through a hole Microsoft patched in October. PCs set up for automatic Windows updates should be clean.


Here are a few links about Conficker:

* Microsoft
* Conficker Working Group

3 comments:

Owen Choo said...

Looks like now you became a part time worm catcher already ;p

jasmine said...

Hi Chun. I stumbled upon your blog when I was searching for a remedy for the ptptn blacklist thingy. I got blacklisted as well n it's so shitty! I really need to be un-blacklisted as I've already bought return tix to Europe. Wanted to ask u on whether u found a solution for it? Do I have to appeal to ptptn? Really looking forward to ur advice as I'm soo anxious! Thanks a lot.

Chun said...

Hi Jasmine,
I have paid to ptptn but still need to do more. I will post more about it when I have more info.