Thursday, April 9, 2009

Conficker wakes up, updates via P2P, drops payload

From CNN -

The Conficker worm, which was supposed to be activated last April 1 but wasn't, is finally doing something--updating via peer-to-peer between infected computers and dropping a mystery payload, probably a keystroke logger, on infected computers, Trend Micro said on Wednesday.

The software appears to be a .sys component hiding behind a rootkit, and is heavily encrypted, which makes analysis difficult. It also tries to connect to popular websites as a way to test that the infected computer has Internet connectivity, deletes all traces of itself, and is set to shut down on May 3.

1 comment:

FlyingBuddha said...

Love how the media is trying as hard as they can to associate peer-to-peer file sharing with this virus. Give it up. From their own article, the virus woke up and contacted a *server* to get its 'mystery payload'. And as far as using "P2P technologies" to spread - hello?? Isn't that how 90% of viruses spread? From peer to peer (another way of saying computer to computer). If it was using the BitTorrent protocol to spread, it seems like they'd come out and say it, but it's not, so this virus has nothing to do with trying to get Led Zeppelin III onto your iPod. http://www.thepiratebay.org is still safe.