It’s believed that the cyber rogues behind the notorious Conficker worm may finally be gearing up for more serious attacks. Security company Trend Micro has discovered a new file sourced by a known Conficker P2P IP node. It’s a new variant of Conficker now known as WORM_DOWNAD.E.
Trend Micro threat researchers had been monitoring for signs of Conficker activity and discovered increasing P2P communications from the Conficker peer nodes, believed to be hosted in Korea. The file, found in the Windows Temp folder, was created on April 7, 2009 at 07:41:21 PM, PDT, the company informs.
A Microsoft security report also talks about rogue security software, (a.k.a. “scareware”). The report says rogue software lures users into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information.
The new variant, WORM_DOWNAD.E, runs using a random file name and random service name; it is known to connect to the following sites: myspace.com, msn.com, ebay.com, cnn.com, and aol.com. This also propagates via MS08-067 to external IPs if the Internet is available; however if no connections are found, it uses local IPs.
It spreads through vulnerabilities in the operating systems.
So, Internet users should install and update their security software to ensure their PCs are protected from Web threats like this that are fast, stealthy, and hard-to-detect.