Conficker worm wakes up via peer-to-peer sharing

A week after the security day said that the first worm in 2009 will update the new version (1/4), Conficker has the first move and the computer infected it will receive a new code (payload) via P2P channel.

Researchers are still analyzing the software code installed on the infected computer and suspect it is a keystroke logger (recording the character entered from the keyboard) or a program designed to steal sensitive information. inside the machine.

According to Trend Micro, the worm tries to access sites like MySpace, MSN, eBay, CNN and AOL to check if the computer is connected to the Internet and "timed" to end on 3. / 5.

" After 3/5, Conficker will stop working and not continue to clone, " said Trend Micro representative.

Yesterday, the company discovered a new file in the Windows Temp folder and a large amount of encrypted TCP response from an IP point that shared peer Conficker worm in Korea.

Mafiaboy, hackers attacked a series of popular websites such as CNN, Yahoo, eBay . and caused $ 1 billion in losses in 2000 when he was 15 years old, said Conficker is just like the tip of the iceberg. This case proves that Internet security is currently not improved, even easier to "hit" than 10 years ago because then most still use dial-up connections.

Conficker is a worm that exploited the vulnerability Microsoft patched in October 2008 by Windows. After nearly 6 months, it upgraded to 3 versions and infected millions of computers. The latest version Conficker.c is supposed to update to a new variant from 1/4. However, April Fools Day passes quietly and security experts say Conficker.c will actually only be added a new element.