IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft warns of copycat Conficker worm

A modified version of an old worm has taken notes from Conficker and is using similar attacks.

The 1 April Conficker scare may have come and gone, but Microsoft has uncovered a new worm that has updated itself to imitate Conficker's characteristics.

The worm Neeris' has been active for a few years, but has been updated to target the same Microsoft flaw MS08-067 which Conficker exploited to become so successful.

Other similarities between Neeris and Conficker are that it downloads a copy of the worm from the attacking machine using HTTP, spreads via autorun, and uses a driver to patch the TCP/IP layer of the system.

Microsoft researchers Ziv Mador and Aaron Putnam wrote on the Malware Protection Centre blog that it was interesting that the variant of Neeris spiked' between late 31 March and 1 April, when the Conficker hype was at its highest.

However, no Conficker variant downloaded Neeris and there was no evidence it was related to Conficker.D's 1 April algorithm change.

They said: "The earliest samples of Neeris date back to May 2005, so it seems the Conficker authors may be the copycats here... But the Neeris authors added the MS08-067 vector later."

"Therefore it is possible that these miscreants somehow collaborate or at least are aware of each other's products'."

The researchers similar fixes apply to Neeris as to Conficker. They advised installing the MS08-67 patch, use only AutoPlay options that were familiar, and consider disabling autorun altogether.

More fixes and information about Neeris are available here.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022