.Kompressor Posted April 8, 2009 Share Posted April 8, 2009 http://blogs.zdnet.com/security/?p=3093&tag=nl.e550 April 7th, 2009Conficker worm's copycat Neeris spreading over IM Posted by Dancho Danchev @ 1:19 pm Imitation has always been a form of flattery, and that?s particularly true for the cybercrime ecosystem. From the lone Chinese cybercriminals releasing DIY tools for generating malware actively exploiting the MS08-067 flaw, followed by the original Conficker worm, Microsoft?s MMPC (Malware Protection Center) is reporting on a currently spreading Conficker copycat detected as Worm:Win32/Neeris.gen!C. The latest variant of Neeris which has been in the wild since 2005, is mimicking all of Conficker?s spreading techniques, including the exploitation of MS08-067 and the AutoRun spreading tactic, but is continuing to propagate through its original method - sending links over MSN. With the Neeris copycat now in the game, what are the chances that it would steal some of Conficker?s market share? Pretty pessimistic. The Neeris author also attempted to launch the campaign beneath the radar with Microsoft?s MMPC pointing out that the peak of the campaign took place on late March 31st and during April 1st, Conficker?s largely overhyped update activation date. However, this tactic is not going to compensate for some of the obvious mistakes that the author made in the form of using bogus time stamps for the malware, and the use of easily spotted as malicious attachments (.exe;.scr) even by the average Internet user. Copycats don?t just share the same propagation/infection vectors, they also share the same mitigation ones. Link to comment Share on other sites More sharing options...
MrChainsaw Posted April 8, 2009 Share Posted April 8, 2009 Great. Another virus. They are getting old now, there's like a million viruses coming out daily. Link to comment Share on other sites More sharing options...
Recommended Posts