Trend Micro: New variant of Conficker in the wild


It seems that the Conficker threat, which was said to activate on April 1, is still not over: a mysterious new payload has been introduced to infected computers and is said to be a new variant of the worm, according to a blog posting on the Trend Micro Malware blog.

The latest variant, known as WORM_DOWNAD.E by Trend Micro, is known to be spreading over the peer-to-peer connection established by the previous variant of the worm. This one, however, will reactivate the original functions and open a brand new port, port 5114.

Interestingly, the variant is said to stop working on May 3rd, 2009. It is also connecting to a well-known domain address that is linked to another worm, known as Waledac, and downloading another encrypted file.

“This new Downad/Conficker variant is talking to servers which are known already for being associated with the Waledac family of malware, in order to download further malicious components. These components have so far been missing, but could this finally be the “other boot dropping” that we have all been waiting for?” Rick Ferguson wrote on Trend Micro’s Countermeasures blog.

“Could it be that Downad/Conficker, Waledac and Storm all originate from the same cybercriminal gang?”

The Conficker worm is known to spread via a hole in Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008 and the latest beta of Windows 7, but Microsoft has offered a patch since October of last year. It also spreads via the network and removable storage devices.

TECHGEEK.com.au advises you to update your computer as soon as possible to limit any threat.