Conficker wakes up, updates via P2P, drops payload
The Conficker worm is finally doing something–updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday. Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.
“As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, and not via HTTP,” the blog post says. “The Conficker/Downad P2P communications is now running in full swing!” In addition to adding the new propagation functionality, Conficker communicates with servers that are associated with the Waledac family of malware and its Storm botnet, according to a separate blog post by Trend Micro security researcher Rik Ferguson. The worm tries to access a known Waledac domain and download another encrypted file, the researchers said.
Comments are closed.