Conficker.e starts carrying out its 'money-making mission'

Last night (9/4), a new variant of the Conficker worm appeared and picked up the unfinished 'mission' that Conficker.c failed to carry out on April Fools' Day.

Conficker.e 'born'

Kevin Hogan, a director with Symantec's security response group, said the new Conficker variant has been named Conficker.e. Starting last night, this variant began to be quietly distributed and to infiltrate PCs through the connection channel that Conficker.c had previously created.

Specifically, Conficker.c had successfully established a new update channel between infected PCs and the hackers, allowing it to quickly receive attack commands and new versions.

This variant also gained the ability to connect to other infected PCs over peer-to-peer (P2P) connections, so that new versions and attack code can easily be delivered to any infected PC even if the servers are taken down, which also speeds up the spread of new variants.

Mr. Hogan said the initial analysis showed that Conficker.e is very similar to the first version discovered in November 2008. 'At first glance, Conficker.e is quite similar to Conficker.a. But in fact this is a completely new version and a synthesis of the source code from the variants that are currently spreading on the Internet.'

'Ganging up'

Security firm Symantec said that this time Conficker.e does not come alone: it brings along a number of other malicious programs to attack the PC, with the aim of helping it achieve its goal as quickly as possible.

First among that 'gang' is Waledac. This is a bot that hijacks PCs, and over the last few months it has become well known for turning users' machines into spam distribution tools.

One of the reasons Waledac is famous is that it is considered an upgraded version of Storm, the computer worm notorious for spreading spam. The security community believes that Waledac's developers are also among those who programmed and controlled Storm.

Like Storm, once it succeeds, Waledac also installs a Trojan that helps remote hackers gain control and turns the user's PC into a member of a botnet dedicated to spam.

'There are two issues here that need attention,' Hogan stressed when talking about the Conficker.e-Waledac 'coalition'. 'The first is that the people who developed Waledac are also the group pulling the strings behind Conficker, or at least the two development teams, Conficker and Waledac, are connected.'

'The second is that Conficker's operators have decided to sell or lease the network of PCs they have hijacked to those who distribute Waledac, so that they can use it to distribute spam. If this is true, Conficker's distributors have begun to take the actions needed to accomplish the goal of monetizing the malicious code.'

This is the first time since it appeared that Conficker has been involved in spam. 'That Conficker spreads spam is something that has actually been proven. What remains in the dark is whether there is any relationship between the two development groups, Conficker and Waledac,' Hogan said.

Fake security software

Kaspersky Lab also discovered that this time Conficker.e brings fake security software with it. This type of software deceives users with security warnings or fake reports of malware infections, and keeps showing warning pop-ups until users agree to pay.

Specifically, Kaspersky expert Alex Gostev said, Conficker.e downloaded and installed fake security software called SpywareProtect2009. To get rid of this annoying software, users have to agree to pay the hackers $50.

Conficker spreading fake security software is nothing new. The first variant of this computer worm also distributed fake security software, but was not very successful.

Unlike Conficker.c, Conficker.e has regained the ability to exploit dangerous security vulnerabilities in Windows, as the first variant did. In fact, Conficker.c was only an upgrade delivered directly to already-infected PCs; it did not actively infect new machines the way Conficker.b did.

'If hackers want to continue to distribute Conficker to make a profit, then they must spread this computer worm more aggressively and infect more PCs,' said Hogan. 'I can confirm that Conficker will be more dangerous this time than it was last time.'

Start making money

With all the features above, it is clear that those pulling the strings behind Conficker have, after some time, begun to show their motivation for developing this dangerous computer worm: making money from illegal activities. This is the ultimate and most important goal of Conficker.

'The global community has been so focused on the April 1 event and the Conficker.c variant that it seems to have forgotten the ultimate goal of this computer worm,' Hogan said.

This is easy to understand, because the two recent Conficker variants - particularly the Conficker.b variant, which infected more than 4 million PCs globally - had not shown a clear money-making motive.

But whatever the case, malicious code that has been developed has so far always had the same motive: making money. Conficker is no exception.

Update 26 May 2019