Rik Ferguson, senior security advisor at Trend Micro, claimed that Trend Micro labs has detected the 'E' variant of the Downadup worm, which is now using a previously established P2P network to contact and network with other infected machines.
Ferguson claimed that, using P2P, it infects machines that reach out to other machines in order to build a network of infected machines. It is building slowly and organically, and this demonstrates that it is coming of age.
Ferguson said: “For April 1, the world media focused on the HTTP botnet attacks, but the P2P is more based on affected data and the controllers can slip an update into the P2P file share. It is completely decentralised and launched from the success of the more mainstream P2P network.
“It reintroduces a propagation technique in that it tries to use the Microsoft vulnerability that is switched off, that it is based on. It will try to connect to the domain name to see if there is an internet connection, and will then connect to an IP address, if there is no connection then it will connect to local IP addresses.”
He further claimed that although it is early days in terms of analysis, there appears to be a link between Downadup/Conficker and the Storm and Waledac worms.
Ferguson said: “The server that it is trying to connect to appears to be the same one that has been used by the Waledac worm, and there has been a suspicion that the same people behind Waledac were behind the Storm virus, there is a server in common and it points to a link between all three – Storm, Waledac and Conficker.”
See original article on scmagazineuk.com