Last week, on April 1st, a large proportion of the internet held its breath in anticipation as the Conficker worm failed to perform on its mooted April Fool’s Day time slot.
This led to a great deal of discussion on sites I visit, such as Twitter, where several different explanations were offered -
- Some people suggested that Conficker was a hoax and posed no real threat at all
- There was talk of the worm being created by anti-virus vendors in order to boost their sales
- Mac fan-boys took the opportunity to say (wrongly) that viruses only affect Windows machines
- A few people thought Conficker would still raise its head in the future
As I myself believed, the last of those options above would appear to be true – Conficker, aka Downadup, may well have entered a new stage in its lifecycle.
PEER-TO-PEER BOTNETS
According to Trend Micro, Conficker began updating via peer-to-peer yesterday, passing around a new file in the process.
Researchers are still looking into the new software, which is heavily encrypted, but the commentary I’ve seen so far seems to indicate that it could be a keystroke logger or other similar program designed to steal personal and/or sensitive information from the computers on which it is installed.
Conficker’s ability to update via a P2P botnet rather than through HTTP is making it that much harder to contain.
BASIC SECURITY MEASURES ARE ESSENTIAL
Basic security measures, however, can go a long way to protecting you from this virus, which relies upon unpatched Windows installations and the use of weak network controls.
Therefore, the following tips may help you avoid whatever nasty new surprises Conficker now has in store -
- Always have a fully up-to-date anti-virus program running
- Install a firewall
- Ensure you use strong network passwords
- Control the use of removable storage devices
ARE YOU WORRIED ABOUT CONFICKER?
With the above in mind, are you concerned that your computer is infected by Conficker, or may become so in the future?
Please comment below and vote in the poll to the right.
UPDATE
Since I wrote this post there has been a new development in terms of Conficker’s payload, namely that it now appears to be geared towards fake anti-virus spam.
Kaspersky Labs’ report on the update determined that Conficker is now tempting those infected with the opportunity to buy a fake anti-virus product which, ironically, offers to remove malware.
All for the bargain price of $49.95.
Conficker also downloaded a previously identified email worm called Waledac, which can steal passwords, as noted above.
Additionally, it is also capable of sending spam.
Saw the update: always had a feeling that the bottom line would be about money.
It doesn’t appear to be conclusive that Conficker is behind those attacks but, if it is, it would certainly be an interesting development.
There’s a story/rumour that Conficker is launching DDOS attacks in Russia today: http://www.scmagazineuk.com/Russian-website-claims-that-Conficker-is-launching-DDoS-attacks/article/130337/
I always thought the bottom line would be disruption or spam so this development surprised me somewhat.