New, Stealthy Conficker B++ Worm Discovered
nandemoari writes "A new variant of the Conficker/Downadup worm has been detected. The worm opens a backdoor on an infected machine and allows hackers remote control of infected PCs.
Dubbed Conficker B++ (and not to be confused with Conficker B), the new variant of the worm opens a backdoor with auto-update functionality, allowing a hacker to distribute malware to infected machines.
It's difficult to know exactly how long Conficker B++ has been circulating, but researchers first noticed it on February 6 of this year." If this seems familiar to you, it probably is.
Anyone know the procedure for detecting these? I imagine A/V companies set up 'honeypots' of sorts on high-traffic networks and the like, but how do you detect something new like this? Do they track it through an old signature?
Bored at work? Play Game!
You laugh, but that situation is just what F-Secure describes for an unrelated bit of Facebook malware. FTFA:
Carousel is a lie!
That's not necessarily true - I mean the skills required to exploit a known security hole aren't terribly difficult.
If you're familiar with a small amount of low-level coding you can easily follow cookbook-style tutorials to getting shellcode executed. At that point you're done.
Sure, you need to do some disguising, and you need to understand a bit of crypto to set up key verification for downloading updates.
But I'd expect there are literally millions of coders still kicking around from the 80s/90s who did assembly programming under MS-DOS who would be able to write that kind of code, and because it isn't really, really skilled work, the chances are high that a significant proportion of those developers are unemployed.