Microsoft Warns of Copycat Conficker Worm

nk497 writes "Microsoft is warning that malware writers have adapted a four-year-old virus to use features of Conficker to take advantage of Windows flaws. Other similarities between the adapted Neeris worm and Conficker are that it downloads a copy of the worm from the attacking machine using HTTP, spreads via autorun, and uses a driver to patch the TCP/IP layer of the system. It even saw a traffic jump around the first of April, when the Conficker hype peaked. But the Microsoft researchers suggested Conficker may have copied Neeris, or that they're copying each other: 'It is possible that these miscreants somehow collaborate or at least are aware of each other's "products."'"

Uh oh

[Rik+Sweeney]

This is could one of two ways, either the viruses will try and outdo each other by doing more and more outrageous things to the victim's computer or (and let's face it, this would be more amusing) they'll try and kill each other to get sole ownership of the PC.

Either way, I'm glad I use Linux.

Re:Uh oh

[sopssa]

The funny thing is that Conficker does actually protect against this worm. When conficker infects a system it patches the vulnaribility. It will only be open for new conficker variants, as it will see that anything coming thru it is digitally signed with a correct certificate.

Re:Uh oh

[InsertWittyNameHere]

he viruses will try and outdo each other by doing more and more outrageous things to the victim's computer

I miss the virus's of the 90's that would randomly open and close your CD tray. They should bring that back. Slightly amusing and didn't steal personal data.

Shocking...

[fuzzyfuzzyfungus]

I, for one, am amazed to learn that criminal software developers behave quite similarly to ordinary ones. Reusing code, copying features from industry leaders, why, they probably even use revision control systems!

Seriously, though. It would be more of a surprise if they weren't doing this. Of course players in a competitive market are going to be watching each other and adopting each others best features.

Worms copying each other

[Ed+Avis]

How long before each worm includes a copy of its source code in a git repository, searches out other variants of the same worm on the infected system or across the net, and randomly exchanges patches with them to create hybrid offspring? The worm would need some way to compile itself, of course (unless written in Javascript or other scripting language where the interpreter is included with Windows).

Microsoft wants you to have the genuine worm

[mspohr]

I can see that Microsoft is concerned that some people might be getting an imitation worm. They are warning that there is only one real conficker worm.

They will shortly be releasing a tool to test your system to make sure you have the real worm and not some impostor/pirate copy of the worm. This will be an extension of the WGA program.

Of course! They're connected to teh intertubes

[Bearhouse]

"It is possible that these miscreants somehow collaborate or at least are aware of each other's 'products.'"

Well, no shit, Sherlock. Guess they must have Internet connection too, then...

With all the resources at Microsoft's disposal, you'd have thought that they'd have come up with a specific fix. Yes, I'm aware that regularly-patched machines are better protected, but the evidence is clear that many people don't do that; (and not just the pirates, either).

If Ms supplied something that detected/removed/protected against up&down, (free, with no 'Genuine Advantage / Validation' bs), then I'm sure pretty soon all the media would link to that & the sheeple would rush to download & install... How about it, Redmond?

Re:Four years?

[Shrike82]

It's more like "You turned off autoupdates and don't have antivirus software, so watch out".

Conficker only affects out-of-date systems made vulnerable by idiots turning off security systems to gain a small performance improvement.

But hey, don't let me interrupt your "Bash M$; get karma" rant...

Miscreants!

[GogglesPisano]

Why, I very nearly dropped my monocle when I heard that the rascals might be cahoots! Perhaps they have some sort of network (a system of tubes, perhaps?) that allows them to share their diabolical plans! Fiendishly clever!

We must safeguard our computing engines! I say we must find these these rogues and hang them from the highest scaffold in the land!

Re:Of course! They're connected to teh intertubes

[Bearhouse]

Disagree. Windows security issues are a major concern for Microsoft's customers, and hence to them. Apple, BSD/*x and FOSS boosters, (and yes, I'm one) regularly point out how much more 'secure' their platforms are. (Of course, as debated endlessly here and elsewhere, that may be as much a function of market share as inherent design, although few informed people would seriously challenge the latter).

Of course, it's not just the OS, it's the apps. Ms makes a lot from selling 'Office' too, which has its own vulnerabilities.

So, since the competition is 'free' (*x & Ooo) and more secure, yes, I guess they do give a damn.

Idiots guide to detecting Conficker

[Shrike82]

While doing a bit of looking around for another post in this thread I found what's basically an idiot's guide to detecting conficker. It uses pictures to show you if you have it.

This tickled my funny bone for some reason; you have to love the lets-use-pictures approach!