Conficker methodology appears in updated Neeris worm

07 April 2009

Even though version D of the Conficker worm failed to cause the havoc that was widely predicted for April 1, the worm's methodology continues to cause problems in the shape of an updated version of the Neeris worm.

According to Microsoft, the Neeris worm - which dates back to 2005 - has been updated to exploit the same vulnerability which is being targeted by the assorted variants of Conficker now doing the rounds.

In a blog entry, Microsoft's Malware Protection Centre says that the new variant of Neeris spiked on March 31/April 1.

"However it was not downloaded by any Conficker variant and there is no evidence that it is related to Conficker.D April 1 domain algorithm activation," says the blog entry.

Microsoft has named the new version of the worm Win32/Neeris.gen!C.

The most interesting aspect of the new version of Neeris is that it reuses Conficker's malware methodology, suggesting that the hackers behind Conficker may be using a worm creation kit, rather than coding from scratch.

http://onecare.live.com/standard/en-us/virusenc/VirusEncInfo.htm?VirusName=Worm:Win32/Neeris.gen!C
