Four-year-old Neeris worm copies Conficker's attack strategies
An old, but little-known worm has copied some of the infection strategies of Conficker, the worm that raised a ruckus last week, Microsoft security researchers said late Friday.
Neeris, which harks to May 2005, is now exploiting the same Windows bug that Conficker put to good use, and is spreading through flash drives, another Conficker characteristic, said Ziv Mador and Aaron Putnam, researchers with the Microsoft Malware Protection Center.
[ IBM's estimates suggest that tens of millions of PCs may be infected by Conficker. | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]
According to Mador and Putnam, Neeris' makers recently added an exploit for the MS08-067 vulnerability that Microsoft patched last October. The emergency update -- one of the rare times Microsoft has issued a patch outside its usual monthly scheduled --- fixed a flaw in the Windows Server service, which is used for file- and print-sharing by Windows PCs.
Conficker, the worm that began using a new communications scheme to receive commands from its hacker controllers last Wednesday, exploited the same MS08-067 vulnerability to devastating effect in late 2008 and early 2009. During January, for instance, Conficker infected millions of machines, many of them by exploiting MS08-067.
"Neeris [also] spreads via Autorun," Mador and Putnam said in an entry to the malware center's blog. "The new Neeris variant even adds the same 'Open folder to view files' AutoPlay option that Conficker does."
Conficker spread from infected PCs by adding an autorun.inf file to the root directory of any USB-based device, primarily flash drives. Later, when the drive was connected to an uninfected computer, the autorun.inf file silently copied the worm to the machine.
By Gregg Keizer
source : infoworld
Tuesday, April 7, 2009
0 comments:
Post a Comment