IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

New variant of Conficker strikes

New Conficker variant talks to servers associated with the Waledac botnet, and downloads an ‘unknown’ payload.

Security researchers have discovered a new variant of Conficker, which has downloaded a payload from servers connected to the Waledac botnet.

A week after the April Fool's Conficker scare, a dropper' came through which updated Conficker and added new functionality through its P2P connectivity.

The new Conficker variant was also talking to servers and websites that were already known for their associations with the Waledac family of malware.

Trend Micro said in an interview with eWeek it had already downloaded a further component that it was currently analysing, but had some "rootkit capabilities".

Trend Micro security expert Rik Ferguson said it could be the payload which could finally monetise the botnet: "These components have so far been missing, but could this finally be the other boot dropping' that we have all been been waiting for?"

Waledac is a spambot that steals sensitive information and turns computers into spam zombies.

It was suspected to be the latest threat from the people behind Storm, which could mean that the same cybercriminals were behind all three threats.

Ferguson said to IT PRO: "It tallies with some of the assumptions people have made about Conficker that the first variant was actively trying to avoid Ukraine because Waledac was Eastern European."

The worm also re-enabled propagation functionality which had previously been disabled on previous versions.

By connecting to one of myspace.com, msn.com, ebay.com and cnn.com, the worm helped establish whether a computer was internet connected or whether it could only infect a local network.

Users were warned not to be alarmed, and to continue to exercise caution and implement security best practices such as keeping patches current and antivirus definitions up to date.

More on the Conficker threat is here, while the worm threat of 2009 has also been looked at.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

The secure cloud configuration imperative
Whitepaper

The secure cloud configuration imperative

7 Mar 2022
The secure cloud configuration imperative
Whitepaper

The secure cloud configuration imperative

7 Mar 2022
Trend Micro Worry-Free Business Security review: Great cloud-managed malware protection
endpoint security

Trend Micro Worry-Free Business Security review: Great cloud-managed malware protection

7 Dec 2021
Access brokers are making it easier for ransomware operators to attack businesses
cyber security

Access brokers are making it easier for ransomware operators to attack businesses

1 Dec 2021

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022