Trend Micro has discovered a new Conficker version, now known as WORM_DOWNAD.E, sourced by a known Conficker P2P IP node. New finding may indicate more serious attacks coming.
WORM_DOWNAD.E uses random file and service names and it is known to connect at least myspace.com, msn.com, ebay.com, cnn.com and aol.com sites. The new variant propagates also via MS08-067 to external IPs if the Internet is available. If connections are not found then the worm uses local IPs.
Good summary of third party information on Conficker aka Downadup worm can be accessed on dshield web site.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment