Trend Micro: Conficker updating via P2P, dropping payload!

Hi avast forum members,

   April 8, 2009 3:27 PM PDT 

Trend Micro: Conficker updating via P2P, dropping payload
by Elinor Mills
The Conficker worm is finally doing something–updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.

Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.

The worm also connects to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com, deletes all traces of itself in the host machine and is set to shut down on May 3, according to the TrendLabs Malware Blog.

“After May 3, it shuts down and won’t do any replication,” Perry said. However, infected computers could still be remotely controlled to do something else, he added.

Last night Trend Micro researchers noticed a new file in the Windows Temp folder and a huge encrypted TCP response from a known Conficker P2P IP node hosted in Korea.

“As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, and not via HTTP,” the blog post says. “The Conficker/Downad P2P communications is now running in full swing!”

In addition to adding the new propagation functionality, Conficker communicates with servers that are associated with the Waledac family of malware and its Storm botnet, according to a separate blog post by Trend Micro security researcher Rik Ferguson.

The worm tries to access a known Waledac domain and download another encrypted file, the researchers said.

Conficker.C failed to make a splash a week ago despite the fact that it was programmed to activate on April 1.

Initially, researchers thought they were seeing a new variant of the Conficker worm, but now they believe it is merely a new component of the worm.

       [url=http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/]Trend labs Malwareblog[/url]
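The behaviours the article attributes to Trend Micro's observation (a huge encrypted TCP response from a P2P peer, a new file in Temp, and connections to well-known sites such as MSN and CNN) can be turned into a simple flow-log triage. The following is an added example written for this thread; it is not code from the article or from Trend Micro. The thresholds, the flow record layout, the 10.x and 203.0.113.x addresses and the sample flows are all assumptions constructed for illustration. The connectivity-check domains are legitimate sites, so a hit on them is reported only as a weak indicator, and port 443 is excluded from the entropy rule because TLS is high-entropy by design.

```python
"""Constructed flow-log triage for the behaviours described in the article:
a large encrypted TCP response from a peer on a non-HTTP port, and
connectivity checks against well-known sites. Example code, not Trend Micro's."""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass

# Sites the article says the worm contacts. They are legitimate, so a hit
# is only a weak indicator and is reported separately from the P2P finding.
CONNECTIVITY_CHECK_DOMAINS = ("myspace.com", "msn.com", "ebay.com", "cnn.com", "aol.com")

LARGE_RESPONSE_BYTES = 256 * 1024   # assumed threshold for "huge"
HIGH_ENTROPY_BITS = 7.5             # assumed; ciphertext sits near 8.0 bits/byte


@dataclass
class Flow:
    ts: str
    src: str          # internal host
    dst: str          # remote peer/server
    dport: int
    proto: str        # "tcp" or "udp"
    resp_bytes: int   # bytes returned by the remote side
    sample: bytes     # leading bytes of the response payload
    host: str = ""    # HTTP Host / DNS name, if any


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8 for encrypted/compressed data, ~4-5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def ciphertext_like(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for an encrypted payload (constructed sample data)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def matches_check_domain(host: str) -> bool:
    """Exact or subdomain match against the connectivity-check list."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in CONNECTIVITY_CHECK_DOMAINS)


def classify_flow(f: Flow) -> list:
    """Return the indicator names a single flow triggers (empty list if none)."""
    findings = []
    # TLS on 443 is legitimately high-entropy, so only non-HTTP(S) ports count.
    if (f.proto == "tcp" and f.dport not in (80, 443)
            and f.resp_bytes >= LARGE_RESPONSE_BYTES
            and shannon_entropy(f.sample) >= HIGH_ENTROPY_BITS):
        findings.append("large high-entropy TCP response on non-HTTP port (possible P2P update)")
    if f.host and matches_check_domain(f.host):
        findings.append("connectivity check to well-known site (weak indicator)")
    return findings


def triage(flows) -> dict:
    """Group findings per internal host; a host with both indicators ranks highest."""
    per_host = {}
    for f in flows:
        for name in classify_flow(f):
            per_host.setdefault(f.src, set()).add(name)
    return {h: sorted(v) for h, v in per_host.items()}


# Constructed sample flows; 10.0.0.0/8 and 203.0.113.0/24 are placeholder addresses.
SAMPLE_FLOWS = [
    # encrypted multi-megabyte response from a peer on a high port
    Flow("08:01", "10.1.1.5", "203.0.113.9", 41012, "tcp", 3_200_000,
         ciphertext_like(4096, b"peer-update")),
    # same host checks connectivity against a well-known site
    Flow("08:02", "10.1.1.5", "203.0.113.40", 80, "tcp", 512,
         b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>ok</html>",
         host="www.msn.com"),
    # ordinary TLS download: high entropy, but on 443, so not flagged
    Flow("08:03", "10.1.1.7", "203.0.113.41", 443, "tcp", 3_200_000,
         ciphertext_like(4096, b"tls-download")),
    # large but plain-text transfer on an odd port: low entropy, not flagged
    Flow("08:04", "10.1.1.8", "203.0.113.42", 8080, "tcp", 3_200_000,
         b"This is a long plain-text transfer, not encrypted at all. " * 70),
]

if __name__ == "__main__":
    for host, names in triage(SAMPLE_FLOWS).items():
        print(host, "->", "; ".join(names))
```

Run as-is it reports only 10.1.1.5, with both indicators; the TLS download and the plain-text transfer are left alone. In practice you would feed it NetFlow or proxy records and pair the network findings with a host check for newly created files in the Windows Temp folder, which the article mentions but which a flow log cannot see.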

Is this really a surprise? ???
P2P networks are starting to get a black ominous cloud above them because they are being used more and more for illegal purposes. As the saying goes, you play with fire you get burned.

“P2P networks are starting to get a black ominous cloud above them”

Starting? It has been that way for a long time; it's just getting worse now if malware starts to use it to download more malware.

There are some clean P2P networks for legit material, for instance the Kad and eDonkey networks. Of course, like in any other field, the bad guys are there too. But by this way of thinking, you wouldn't connect your computer to the Internet because there are tons of malicious sites…

My problem and one of the reasons why I don’t use P2P applications is, that you really have no idea of the source in a network of shares, where you haven’t the slightest idea of the content until it arrives.

I haven’t found a use/reason for using one; any legit programs, freeware/shareware or paid options, are available without P2P.

My understanding of P2P networks is that they are used in lieu of a dedicated server. This seems to be a good solution for sharing a particular software fast when you can’t use a server.

Just a matter of opinion… I’m not sure this is completely right.

P2P is nothing more than what it states: peer to peer, bog-standard computer to bog-standard computer, but the ‘network’ is maintained so they know where these peers are and what is available from them.

So you would be happy getting x software from Joe Bloggs, who you don’t know from Adam, from who knows where, and you don’t know if their system is infected or not? Thanks, but no thanks.

NO :o
What I am trying to point to is that in a Utopian world this method of file transfer has a purpose. So within certain contexts p2p is not bad. Yes you make a good point about the unknown that lies at the base of this method but I’m not encouraging the use of them. I’m simply saying that they can be used for good purposes.

That is the problem, you aren’t in control of the context or the location where the file might be shared from, that is down to the network controller so you still don’t know the source.

hmh… good point. But I did mention “in a Utopian world” which sadly, will most likely never occur.


It was my understanding from the beginning of P2P that it was a good way to lull the unsuspecting into downloading the unexpected. It works very well in that capacity.

Use of P2P programs means that sooner or later, your computer will become infected.


Then you can check it with www.virustotal.com, for instance.

As I said, until it arrives, that may be too late as a crafted p2p may also be able to do more than simply download a single file.

No, they can’t. You can monitor all the downloaded files and they’re not executed by themselves.

How many of your average users do that? They continue working with it running in the background. I just don’t trust P2P, being a suspicious sod ;D

Also how many would exceed the VT upload limit of 10MB, there are just too many grey areas for me.

The same for emails, Internet, USB drives…
I just can live outside of the planet ;D

Hi Tech,

Just to prove to you that Conficker is a media hype also:
http://www.gizmodo.com.au/2009/04/new_pc_badges_help_us_with_our_conficker_decision-2.html
Are you ready for these stickers,

polonus

Thanks Damian-already got mine ;D

http://i40.tinypic.com/20tjcsm.png