Researchers Say Conficker Is All About The Money

[Peaches]

April 9, 2009 11:43 AM PDT

Researchers say Conficker is all about the money

by Elinor Mills

The Conficker worm that has infected millions of Windows-based computers will likely be used to send spam and steal data much like one of the nastiest botnets on the Internet does, researchers said on Thursday after finding links between the two worms.

A week after failing to do anything but snore, the much hyped Conficker worm was roused from its slumber on Wednesday, with infected computers transmitting updates via peer-to-peer and dropping a mystery payload onto PCs. Researchers suspect that the payload program may be a keystroke logger, a spam generator, or both.

Conficker now also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com, and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down some functionality on May 3.

In addition, Conficker reaches out to a domain that is known to be infected by a worm called Waledac and downloads an encrypted file. Researchers are analyzing that code and the program that is dropped directly onto infected machines by other infected machines to find out exactly what is in it. And they suspect that Conficker and Waledac are coming from the same people.

"I'm pretty certain the same people are behind both of them," said Paul Ferguson, an advanced threats researcher for Trend Micro. "Conficker has got their (Waledac creators') fingerprints all over it."

CNET - http://news.cnet.com/8301-1009_3-10216205-83.html

>>>>>>>>>>