Microsoft warns of copycat Conficker worm

A modified version of an old worm has taken notes from Conficker and is using similar attacks.

The 1 April Conficker scare may have come and gone, but Microsoft has uncovered a new worm that has updated itself to imitate Conficker's characteristics.

The worm Neeris' has been active for a few years, but has been updated to target the same Microsoft flaw MS08-067 which Conficker exploited to become so successful.

Other similarities between Neeris and Conficker are that it downloads a copy of the worm from the attacking machine using HTTP, spreads via autorun, and uses a driver to patch the TCP/IP layer of the system.

Microsoft researchers Ziv Mador and Aaron Putnam wrote on the Malware Protection Centre blog that it was interesting that the variant of Neeris spiked' between late 31 March and 1 April, when the Conficker hype was at its highest.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

However, no Conficker variant downloaded Neeris and there was no evidence it was related to Conficker.D's 1 April algorithm change.

They said: "The earliest samples of Neeris date back to May 2005, so it seems the Conficker authors may be the copycats here... But the Neeris authors added the MS08-067 vector later."

"Therefore it is possible that these miscreants somehow collaborate or at least are aware of each other's products'."

The researchers similar fixes apply to Neeris as to Conficker. They advised installing the MS08-67 patch, use only AutoPlay options that were familiar, and consider disabling autorun altogether.

More fixes and information about Neeris are available here.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/cloud/cloud-computing/354767/google-cloud-snaps-up-multi-cloud-analytics-platform-for-26bn
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/cyber-attacks/354747/apple-mac-malware-detections-overtake-windows-the-first-time
cyber attacks

Apple Mac malware detections overtake Windows the first time

11 Feb 2020