Report: Conficker in attack mode
According to a report by Xinhua News Agency, Conficker-infected machines are now being turned into servers for e-mail spam. Quoting Vincent Weafer, vice president of Symantec Security Response, Xinhua reported Conficker now installs a second virus--Waledac--that sends out e-mail spam without the computer owner's knowledge.
Read also: Conficker's estimated economic cost? $9.1 billion
"Expect this to be long-term, slowly changing," Weafer was quoted as saying of the Conficker impact. "It's not going to be fast [or] aggressive."
According to security vendor Trend Micro, the worm also installs malware that masquerades as antivirus software.
Earlier this month, Trend Micro's advanced threats researcher Paul Ferguson said Conficker and Waledac originated from the same authors. Waledac has been referred to by some experts as a new version of Storm, a mass-mailing worm that surfaced in early 2007.
This article was originally posted on ZDNet Asia.
Talkback Most Recent of 35 Talkback(s)
-
I was concerned.
For a moment there I thought this wasn't business as usual.
kozmcrae 29th Apr 2009 -
How many companies went under?
I wonder how many companies are put out of business
due to the software flaws in Windows?
Christian_<>< 29th Apr 2009 -
About as many...
...as went out of business due to the real overhead costs associated with running a "free for all" Linux desktop environment.
d.gruntled 29th Apr 2009 -
ha ha ha
$9 billion compared to what, hiring REAL
Systems Engineers and Admins.
har har
I don't think there is any Linux distro that
has racked up $9 billion in damages and
Linux distros POWER ALL of the servers providing
DNS/EMAIL/DHCP/ORACLE...
Christian_<>< 29th Apr 2009 -
You point to hiring "real" sys admins
yet conveniently blame conficker on MS, never mind the fact that the patch was out 4 months before the virus. I guess Linux servers without security updates applied are immune but the coders have nothing better to do than release patches anyway...
And really? ALL servers doing DNS/E-mail/DHCP/Oracle? Oracle runs on Windows servers and is fairly popular on a Windows platform. Exchange powers more mail servers, with a far richer set of features, than any Linux mail platform, DNS is almost always run internally on Windows AD servers... So all you proved is you're completely clueless.
LiquidLearner 29th Apr 2009 -
That's funny...
...many people laugh when I mention Oracle is being run on Windows at my current employer. Mail servers depend on where you're looking. Exchange runs corporate email but you aren't going to find it running for application based "no-reply" emails or all of the small businesses out there that use email accounts along with web hosting. The same is true for AD and DNS...it's a big company thing but there are far more small companies.
It seems that all you proved is that you don't pay attention to business as a whole.
storm14k 29th Apr 2009 -
Somewhat true
More SMB runs Exchange than you might imagine. Active Directory is almost a given, which means local DNS at most places. You are right, very few ISPs are going to run Windows for DNS and even fewer hosting companies are going to run Windows as a web server. I'm not sure how that means "I don't pay attention to business as a whole". Lyris is the most popular list-serv I've found, which handles your "no reply" e-mails. And interestingly, while there is a Linux product, they push their Windows variant quite heavily. I've found Lyris on Windows servers where almost everything else is Linux. I know, strange. Not exactly sure why you'd pay for a Windows server license when Linux would run it. And I'm not even being sarcastic, I understand the uses for Linux. On the server it can be quite useful.
If you really think "AD" is a big business thing then maybe you should look at your own comments. In fact, very few SMB are going to deploy Linux servers because it's much easier to find a Windows service company to handle their needs than a Linux one.
LiquidLearner 29th Apr 2009 -
The person or persons...
Who created the conficker worm were not too concerned with Microsoft's patch apparently. Why bother writing code for a security hole Microsoft created when it's already been discovered and patched?
kozmcrae 29th Apr 2009 -
Two reasons..
1.) It's a known vulnerability. They reverse engineered the patch to see what changed and why and figured out what the flaw was to begin with. Given Microsoft went out of their way to provide the patch "out of band" - i.e. NOT on Patch Tuesday - made it stand out all the more. It's low hanging fruit for hackers.
2.) They know users and admins can be lazy about patching.
That kinda made it a no brainer.
Wolfie2K3 30th Apr 2009 -
Gee, why isn't Linux affected by this?
{snicker}
hasta la Vista, bah-bie 30th Apr 2009 -
That many!
Wow! That many!
I thought 99% of all computers ran the Windows OS? I would expect a
larger number of Windows computers would be affected? All of my
Windows using clients have been affected.
john_gillespie@... 29th Apr 2009 -
Your Windows using clients...
Is that because they are clients of yours? None
of my clients have been affected... lol
greggatshack 29th Apr 2009 -
buddha2lotus 29th Apr 2009 -
RE: Report: Conficker in attack mode
I am dissecting conficker.e
If you are interested: http://extraexploit.blogspot.com
Feedback is welcome.
Thank you for your attention.
Regards
extraexploit 29th Apr 2009 -
RE: Report: Conficker in attack mode
Guys, the best place on the Internet to go to in case you need to defend a conficker infected installation is: http://itriskspace.com/2009/03/31/1238505660000.html
Several visitors left similar comments and Microsoft Technet linked the instruction as well on their page in Europe.
Cheers
-Andreas
ITRiskSpace.com 29th Apr 2009