The Neeris worm, which has been circulating for about four years, now is copycatting the infectious Conficker worm, according to a Friday blog post from researchers Ziv Mador and Aaron Putnam. The Neeris variant began popping up last week -- this one customised to exploit the same Windows Server service vulnerability as Conficker. That flaw was patched last October by security bulletin MS08-067.

The similarities between Neeris and Conficker don't end there. The researchers said Neeris, like Conficker, also can spread via AutoRun, a Windows feature that enables files or programs to immediately run when a removable media device, such as a USB stick or CD-ROM, is connected to a computer. Many experts attribute this propagation method to the precipitous rise of Conficker infections earlier this year.

"It is possible that these miscreants somehow collaborate or at least are aware of each other's 'products,'" the researchers wrote.

While Neeris is nowhere close to Conficker in terms of infected nodes, at least one major US-based company has experienced a massive outbreak, Jimmy Kuo, principal architect of the Microsoft Malware Response Center, told SCMagazineUS.com. He did not know which one.

"It is definitely in the wild," Kuo said.

Neeris' earliest variants mostly spread via MSN Messenger, an instant messaging application, and by exploiting another server service vulnerability, patched in August 2006 by the MS06-040 bulletin. Later variants, though, began propagating through other means, such as removable drives and SQL servers with weak passwords. The newest bot variant spreads via the latest server service vulnerability and leverages port 449 to attempt to contact a command-and-control server.

However, security experts told SCMagazineUS.com that Neeris' variant does not figure to pose much of a problem because most people have applied MS08-067.

"That's a pretty well worn-out issue," said Ken Dunham, director of global response for security firm iSight Partners. "It's not really a hot vector anymore for spreading."

He said he is more concerned about cybercrooks using the so-called sneakernet vector, in which a thief transfers malicious code from one machine to the next, usually by way of removable media.

To protect against the worm, organisations should take the same steps as they did with Conficker, according to Microsoft. That includes installing MS08-067 and disabling AutoRun, if possible.

See original article on scmagazineus.com