Microsoft Warns of Copycat Conficker Worm

nk497 writes "Microsoft is warning that malware writers have adapted a four-year-old virus to use features of Conficker to take advantage of Windows flaws. Other similarities between the adapted Neeris worm and Conficker are that it downloads a copy of the worm from the attacking machine using HTTP, spreads via autorun, and uses a driver to patch the TCP/IP layer of the system. It even saw a traffic jump around the first of April, when the Conficker hype peaked. But the Microsoft researchers suggested Conficker may have copied Neeris, or that they're copying each other: 'It is possible that these miscreants somehow collaborate or at least are aware of each other's "products."'"

Re:Uh oh

[sopssa]

The funny thing is that Conficker does actually protect against this worm. When conficker infects a system it patches the vulnaribility. It will only be open for new conficker variants, as it will see that anything coming thru it is digitally signed with a correct certificate.

Worms copying each other

[Ed Avis]

How long before each worm includes a copy of its source code in a git repository, searches out other variants of the same worm on the infected system or across the net, and randomly exchanges patches with them to create hybrid offspring? The worm would need some way to compile itself, of course (unless written in Javascript or other scripting language where the interpreter is included with Windows).

Of course! They're connected to teh intertubes

[Bearhouse]

"It is possible that these miscreants somehow collaborate or at least are aware of each other's 'products.'"

Well, no shit, Sherlock. Guess they must have Internet connection too, then...

With all the resources at Microsoft's disposal, you'd have thought that they'd have come up with a specific fix. Yes, I'm aware that regularly-patched machines are better protected, but the evidence is clear that many people don't do that; (and not just the pirates, either).

If Ms supplied something that detected/removed/protected against up&down, (free, with no 'Genuine Advantage / Validation' bs), then I'm sure pretty soon all the media would link to that & the sheeple would rush to download & install... How about it, Redmond?

Re:Four years?

[Rosyna]

This is untrue. Conficker uses a variety of ways to spread itself. Such as installing itself as autorun on various volumes. It also includes a password attack to get admin access to a machine and infect SMB shares.

It may use additional methods as well. This is part of the reason conficker is getting so much press.

Re:Of course! They're connected to teh intertubes

[whoever57]

Disagree. Windows security issues are a major concern for Microsoft's customers, and hence to them.

I disagree with that statement. IMHO, Windows users are either:
1. Concerned about viruses, but they think their machine has some magical immunity because they don't actually think their machine might ever be infected, OR:
2. Are totally clueless about viruses and spyware.

Even on forums where experienced users post, how many times have you seen a post that is something like: "I don't use anti-virus, I'm just careful where I browse and my PC has never been infected"? Replace "never been" for "I've never been aware" and you might get something close to the truth.

Again, IMHO, Windows users for one reason or another are not significantly concerned about viruses.

One of my colleagues keeps asking why people create viruses -- I keep telling him that today, they do it for profit, but he seems to have a hard time wrapping his mind around that concept. I don't think he is atypical and I think that he, like many others, just doesn't understand how harmful viruses and spyware are and hence doesn't recognize the seriousness of the threat.