Trend Micro has discovered a new file sourced from a known Conficker P2P IP node: a new variant of Conficker, now known as WORM_DOWNAD.E. The discovery indicates that the cybercriminals behind the notorious Conficker worm may finally be gearing up for more serious attacks.
Trend Micro threat researchers had been carefully monitoring for signs of Conficker activity and discovered increasing P2P communications from the Conficker peer nodes, which are believed to be hosted in Korea. The file, found in the Windows Temp folder, was created on Tuesday, April 7, 2009, at 07:41:21 PM PDT.
The new variant, WORM_DOWNAD.E, runs using a random file name and a random service name. It is known to connect to the following sites: myspace.com, msn.com, ebay.com, cnn.com, and aol.com. It also propagates via MS08-067 to external IP addresses if an Internet connection is available; if no connection is found, it uses local IP addresses instead.
It spreads through vulnerabilities in the operating system.
As always, Internet users are urged to install and update their security software to ensure their PCs are protected from Web threats like this one, which are fast, stealthy and hard to detect.