Microsoft warns of copycat Conficker worm

A modified version of an old worm has taken notes from Conficker and is using similar attacks.

The 1 April Conficker scare may have come and gone, but Microsoft has uncovered a new worm that has updated itself to imitate Conficker's characteristics.

The worm Neeris' has been active for a few years, but has been updated to target the same Microsoft flaw MS08-067 which Conficker exploited to become so successful.

Other similarities between Neeris and Conficker are that it downloads a copy of the worm from the attacking machine using HTTP, spreads via autorun, and uses a driver to patch the TCP/IP layer of the system.

Microsoft researchers Ziv Mador and Aaron Putnam wrote on the Malware Protection Centre blog that it was interesting that the variant of Neeris spiked' between late 31 March and 1 April, when the Conficker hype was at its highest.

However, no Conficker variant downloaded Neeris and there was no evidence it was related to Conficker.D's 1 April algorithm change.

They said: "The earliest samples of Neeris date back to May 2005, so it seems the Conficker authors may be the copycats here... But the Neeris authors added the MS08-067 vector later."

"Therefore it is possible that these miscreants somehow collaborate or at least are aware of each other's products'."

The researchers similar fixes apply to Neeris as to Conficker. They advised installing the MS08-67 patch, use only AutoPlay options that were familiar, and consider disabling autorun altogether.

More fixes and information about Neeris are available here.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Evidence suggests REvil behind Harris Federation ransomware attack
ransomware

Evidence suggests REvil behind Harris Federation ransomware attack

9 Apr 2021
Fujitsu taps Trend Micro to secure private 5G networks in smart factories
5G

Fujitsu taps Trend Micro to secure private 5G networks in smart factories

8 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021