New variant of Conficker worm detected that utilises P2P file sharing

News by Dan Raywood

A new variant of the Conficker/Downadup worm has been detected that utilises peer-to-peer (P2P) file sharing networks.

A new variant of the Conficker/Downadup worm has been detected that utilises peer-to-peer (P2P) file sharing networks.

 

Rik Ferguson, senior security advisor at Trend Micro, claimed that the ‘E' variant of the downadup worm has been detected by Trend Micro labs, that are now using a previously established P2P network to contact and network with other infected machines.

 

Ferguson claimed that using P2P, it infects machines that reach out to other machines in order to build a network of infected machines. It is building slowly and organically, and this demonstrates that it is coming of age.

 

Ferguson said: “For the 1st April, the world media focussed the HTTP botnet attacks, but the P2P is more based on affected data and the controllers can slip an update into the P2P file share. It is completely decentralised and launched from the success of the more mainstream P2P network.

 

“It reintroduces a propagation technique in that it tries to use the Microsoft vulnerability that is switched off, that it is based on. It will try to connect to the domain name to see if there is an internet connection, and will then connect to an IP address, if there is no connection then it will connect to local IP addresses.”

 

He further claimed that although it is early days in terms of analysis, there appears to be a link between Downadup/Conficker and the Storm and Waledac worms.

 

Ferguson said: “The server that it is trying to connect to appears to be the same one that has been used by the Waledac worm, and there has been a suspicion that the same people behind Waledac were behind the Storm virus, there is a server in common and it points to a link between all three – Storm, Waledac and Conficker.”

 

 

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events