Conficker Gets Update, Does ... Something
Conficker has started doing its thing, apparently. Its thing has yet to be defined, but everyone should panic anyway, okay?
Exactly one week after it was supposed to get its ducks in a line, reports began to trickle in claiming that Conficker had begun updating via P2P between infected computers and dropping a mystery payload on infected machines.
According to PCWorld, researchers at Trend Micro reported that infected machines had begun receiving a binary update which tells Conficker to start scanning for other computers that haven't patched the Microsoft vulnerability the virus exploits.
The new update also tells Conficker to contact MySpace.com, MSN.com, Ebay.com, CNN.com and AOL.com, apparently to confirm that the infected machine is connected to the Internet, Rik Ferguson of Trend Micro told PCWorld. What's more, Conficker also blocks infected PCs from visiting specific sites. Previous Conficker versions wouldn't let people browse to the websites of security companies. This new update is timed to stop running on May 3, although it's unclear if this deadline will pass as uneventfully as the last.
Trend Micro also notes in a blog post that it does not leave a trace of itself in the host machine. “It runs and deletes all traces, no files, no registries etc,” wrote Ivan Macalintal, an advanced threat researcher.
Conficker has infected millions of computers, though the specific number varies depending on who you ask: estimates range from under 5 million to nearly 15 million machines. You can read all about Conficker in our previous posts, here and here. So what's the verdict: are you guys starting to panic yet?
jhansonxi Someone needs to make a Linux and OS X port. Too many people are missing out on the mass panic.
smartel7070 I've sold all my belongings, filled up the tank and am now on my way to the arctic circle.
sublifer Your links to the previous posts are broken.
Beyond not being able to go to Norton and McAfee's (and others) websites, is there any other telltale that a machine is infected?
mustwarnothers (quoting belter: "The joke is on people like us reading these articles at work instead of working.")
I believe that means the joke is on our employers.
solymnar It would be quite the ironic moment if the new virus turns out to be installing AVG or a hacked version of Norton antivirus etc. and patching it up to date.
Granted this is unlikely in the extreme but in my own twisted mind it would be hysterical. A virus that infects PCs...and cleans them up.