It’s believed that the cyber rogues behind the notorious Conficker worm may finally be gearing up for more serious attacks. Security company Trend Micro has discovered a new file sourced by a known Conficker P2P IP node. It’s a new variant of Conficker now known as WORM_DOWNAD.E. 

Trend Micro threat researchers had been monitoring for signs of Conficker activity and discovered increasing P2P communications from the Conficker peer nodes, believed to be hosted in Korea. The file, found in the Windows Temp folder, was created on April 7, 2009 at 07:41:21 PM, PDT, the company informs.

A Microsoft security report also talks about rogue security software, (a.k.a. “scareware”). The report says rogue software lures users into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information. 

The new variant, WORM_DOWNAD.E, runs using a random file name and random service name; it is known to connect to the following sites:,,,, and This also propagates via MS08-067 to external IPs if the Internet is available; however if no connections are found, it uses local IPs.

It spreads through vulnerabilities in the operating systems.

So, Internet users should install and update their security software to ensure their PCs are protected from Web threats like this that are fast, stealthy, and hard-to-detect.


About Rakesh Raman

Have extensive editorial, content management, and integrated communications experience and have worked as a senior tech journalist, analyst, and columnist with different newspapers, magazines, and Web/online properties in India.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s