The 1 April Conficker scare may have come and gone, but Microsoft has uncovered a new worm that has updated itself to imitate Conficker’s characteristics.
Other similarities between Neeris and Conficker are that it downloads a copy of the worm from the attacking machine using HTTP, spreads via autorun, and uses a driver to patch the TCP/IP layer of the system.
Microsoft researchers Ziv Mador and Aaron Putnam wrote on the Malware Protection Centre blog that it was interesting that the variant of Neeris ‘spiked’ between late 31 March and 1 April, when the Conficker hype was at its highest.
However, no Conficker variant downloaded Neeris and there was no evidence it was related to Conficker.D’s 1 April algorithm change.
They said: “The earliest samples of Neeris date back to May 2005, so it seems the Conficker authors may be the copycats here… But the Neeris authors added the MS08-067 vector later.”
“Therefore it is possible that these miscreants somehow collaborate or at least are aware of each other’s ‘products’.”
The researchers similar fixes apply to Neeris as to Conficker. They advised installing the MS08-67 patch, use only AutoPlay options that were familiar, and consider disabling autorun altogether.
More fixes and information about Neeris are available here.
Related Posts: On this day...
- Gucci admin accused of $200,000 IT rampage - 2011
- Hell - 2010
- HOWTO: Install iTunes Without the Extra Bloatware - 2009
- Beware the Perils of Caffeine Withdrawal - 2009
- Man finds card skimmer on ATM - 2009
- Adblock Plus maintainer, Richard "rick752" Petnel, has passed away - 2009
- Outsourced passports netting government profits, risking national security - 2008
- Consumer (Dis)Comfort With Online Tracking - 2008
- ...and we wonder why people, pirate... - 2008