RSS Alerts

Related Stories

  • Comment: Thoughts from a security researcher on Conficker
    Patrick Runald, senior threat research manager at Websense Security Labs shares his thoughts on Conficker as the worm reaches its first anniversary of appearing in the wild.
  • Nine lives - when malware becomes self-modifying
    As the Conficker (aka Downadup and Kido) worm proved when it first appeared in October 2008, there's more to a piece of malware code than meets the eye, especially when it is self-updating. But can self-updating also mean self-modifying? Steve Gold investigates whether an IT security manager's nightmare has become programming reality...
  • IBM warns over four percent Conficker infection rate
    After scanning around two million PCs, IBM's ISS security division says that around four percent of the PCs it scanned were infected by the Conficker worm.
  • Cisco annual information security report highlights
    Cisco has released its annual information security report for 2009 and the year-end analysis makes for some interesting reading, not least because it highlights the impact of social media on network security and the critical role that people - not technology - play in creating opportunities for cybercriminals.
  • Windows autorun trojan tops November malware chart
    The latest monthly malware chart from BitDefender claims to show that the largest risk to computer users is currently Trojan.AutorunINF.Gen, a generic family of trojan malware abusing the autorun feature in Windows.

News

Conficker methodology appears in updated Neeris worm

07 April 2009

Even though version D of the Conficker worm failed to cause havoc - as was widely predicted - on April 1, the worm's methodology continues to cause problems in the shape of an updated version of the Neeris worm.

Even though version D of the Conficker worm failed to cause havoc - as was widely predicted - on April 1, the worm's methodology continues to cause problems in the shape of an updated version of the Neeris worm.

According to Microsoft, the Neeris worm - which dates back to 2005 - has been updated to exploit the same vulnerability which is being targeted by the assorted variants of Conficker now doing the rounds.

In a blog entry, Microsoft's Malware Protection Centre says that the new variant of Neeris spiked on March 31/April 1.

"However it was not downloaded by any Conficker variant and there is no evidence that it is related to Conficker.D April 1 domain algorithm activation," says the blog entry.

Microsoft has named the new version of the worm as Win32/Neeris.gen!C.

The most interesting aspect of the new version of Neeris is that Conficker malware methodology has been re-exploited in the new version, suggesting that the hackers behind Conficker may be using a worm creation kit, rather than coding from scratch.

http://onecare.live.com/standard/en-us/virusenc/VirusEncInfo.htm?VirusName=Worm:Win32/Neeris.gen!C

 

This article is featured in:
Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water