The Conficker worm is finally doing something: updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.
Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.
The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.
The worm also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog.
The Conficker worm has started to update infected machines with a mystery package of data.
The strong encryption on the payload has, so far, prevented detailed analysis of what it actually does. However, security experts speculate that it is a "rootkit" that will bury itself deep in Windows in order to steal saleable data such as bank website login details.
Researchers have discovered another feature of the Conficker worm that provides an additional clue about the intent of the creators: the worm installs malware that masquerades as antivirus software, Trend Micro said on Friday.
To check if your computer is infected you can use this Conficker Eye Chart or this site at the University of Bonn. There is also a Conficker removal guide on CNET's Download.com site.
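A hunting check for the connectivity probe described in the Trend Micro write-up above, written as an added example (not code from the article, Trend Micro, or the poster): it scans DNS-style log lines and flags clients that resolve all five named sites within a short window. The log format and the sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Sites the write-up says the worm contacts to test Internet connectivity.
CHECK_DOMAINS = {"myspace.com", "msn.com", "ebay.com", "cnn.com", "aol.com"}

# Constructed sample lines (not real logs): "<ISO time> <client_ip> <queried name>".
SAMPLE_LOG = """\
2009-04-08T10:00:01 10.0.0.5 www.cnn.com
2009-04-08T10:00:01 10.0.0.5 www.msn.com
2009-04-08T10:00:02 10.0.0.5 www.ebay.com
2009-04-08T10:00:02 10.0.0.5 www.myspace.com
2009-04-08T10:00:03 10.0.0.5 www.aol.com
2009-04-08T10:05:00 10.0.0.7 www.cnn.com
2009-04-08T10:30:00 10.0.0.7 www.msn.com
2009-04-08T11:00:00 10.0.0.7 www.ebay.com
2009-04-08T11:00:00 10.0.0.9 example.org
"""

def base_domain(name):
    """Reduce www.cnn.com -> cnn.com (last two labels; enough for these sites)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def parse(log):
    """Group (timestamp, base domain) events by client address."""
    events = defaultdict(list)
    for line in log.splitlines():
        ts, client, name = line.split()
        events[client].append((datetime.fromisoformat(ts), base_domain(name)))
    return events

def find_burst_checkers(log, window_s=30):
    """Return clients that resolved every CHECK_DOMAIN inside one window_s-second span."""
    window = timedelta(seconds=window_s)
    hits = []
    for client, evs in parse(log).items():
        evs = sorted(e for e in evs if e[1] in CHECK_DOMAINS)
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within window_s.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if {d for _, d in evs[start:end + 1]} == CHECK_DOMAINS:
                hits.append(client)
                break
    return hits

if __name__ == "__main__":
    print(find_burst_checkers(SAMPLE_LOG))  # ['10.0.0.5']
```

A single host hitting all five in seconds is a lead to examine, not a verdict: ordinary browsing can reach the same sites, so pair the hit with the other signs the article lists (an unexpected .sys driver, a fake antivirus install).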
Originally posted by thisguyrighthere
I don't know what it was but after restarting my machine for Windows Updates last Thursday I was swamped with ridiculous malware. No programs ran in regular mode. Some ran in Safe Mode. No malware scans would install and my currently installed stuff would scan like a dozen files and claim it was done and I was clear.
Eventually I got a combination of things to run and I had Cryptor and something in the rootkit like UACD.sys that was loading as a device driver and shutting me down. There was a fake iexplore.exe in my running processes.
It was a mess.
Running Avenger and then running Avast from a thumb drive got me back on my feet though.
I was sad to learn all of that had nothing to do with Conficker. I was hoping to experience a part of annoying hyped-up tech history.