Sercurity update: Conflicker is on the move
After the much speculated activation date of 1 April, many have deemed the activation of Conflicker to be a joke. However just this Wednesday, researchers from Tread micro reported that they have detected the activation of the worm
The worm is currently updating via p2p between infected systems. Along with the update, researches have also detected a payload being drop into the infected systems.
According to Tread micro malware blog, the updated worm varant now designated as WORM_DOWNAD.E has been program to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com probably to test for connection. Opens port 5114 for usage as a http server. Continue to spread the infection via MS08-067 vulnerability to external networks if Internet is available or through local network. The worm is set to stop on May 3 , 2009.
In addition, the worm runs and remove all traces of itself form the infected system after running.
Conflicker/Downup, is a worm which target Window OS first detected in late 2008. It has now been regarded as the most widespread computer worm infection. The worm uses the MS08-067 vulnerability to spread it infection.
Microsoft have since release the patch for the vulnerability and released a removal guide for the worm.
Leave a Reply